IBM researchers have finally revealed details of a serious code-execution vulnerability that still affects Android devices running versions 4.3 and earlier. IBM’s researchers found the stack buffer overflow vulnerability that resides in the Android’s KeyStore storage service. The vulnerability occurred due the absent bounds check for a stack buffer created by the “KeyStore::getKeyForName” method. Google is rolling out Android KitKat 4.4 with build number KTU84P to several Nexus devices, including Nexus 4, 5, 7, and 10.
Source: https://thehackernews.com/2014/06/android-43-and-earlier-versions.html