An attacker can theoretically exploit the vulnerability in the Android 4.3 and earlier versions with a malicious application, but as explained by the experts at work exploit is hard to realize due to the presence of numerous difficulties like the need to to bypass memory-based protections native to the operating system. Currently Google is distributing the Android KitKat 4.4.4 with build number KTU84P (branch-mr21-release), the new update was mainly issued to fix the CCS Injection Vulnerability ( CVE-2014-0224)”]
Source: https://securityaffairs.co/wordpress/26162/hacking/android-4-3-earlier-flaw.html