New vulnerability in media players using subtitles allows a hacker to take full control of any device