You might remember the major Android flaw that hit in 2015 called Stagefright. In its various versions it affected just about every Android gadget in the world. Google eventually made some fixes to reduce the risk, but those are still making their way to older Android gadgets, if manufacturers or carriers are pushing them out at all.
It seems Android's troubles in this area are about to get worse. The danger of Stagefright is that a hacker can send you a text message and just opening the text can run malicious code on your computer. This latest flaw is similar in that it exists in Android's media server, which means running any malicious video or audio can compromise your gadget.
The flaw affects Android versions from 4.4.4 to 6.0.1. Google released a fix at the beginning of December that basically stops Android's default messaging apps from automatically playing media files. However, whether you've gotten the fix is another story. This author got an Android update from Verizon at the start of January and it was to install security updates from early November.
In the meantime, you can reduce your risk by avoiding video and audio files you receiving through text or email. In fact, if you don't recognize the sender, delete the message without opening it. You should also avoid playing or downloading video and audio in your browser that isn't from a legitimate source.