According to reports, old versions of Android are still vulnerable to the bug.
The new flaw can target PayPal mobile payments, in addition to compromising contacts, photos and other confidential data stored on the device.