Researchers at IBM disclosed a serious buffer overflow vulnerability in Android 4.3 and earlier that could lead to code execution. The bug is patched in KitKat, but most users are on older versions.

The Android security update patches 15 bugs, four rated critical, 10 rated high and one ranked moderate in severity. Google patched four remote code-execution (RCE) flaws as part of its May ...

That’s because the bugs, located in the Android System component, could enable a specially crafted transmission to execute arbitrary code within the context of a privileged process.