Google has patched a high-severity vulnerability that has been around for the last five years, potentially leaving users’ text messages, call histories, and other sensitive data open to snooping.

The vulnerability, CVE-2016-2060, affects Android versions 4.3 and earlier that use the software package maintained by mobile chipmaker Qualcomm, according to a blog post published by security firm