A security vulnerability in Android mobile operating system versions below 5.0, which puts potentially every Android device at risk of privilege escalation attacks, has been patched in Lollipop. The vulnerability (CVE-2014-7911), discovered by security researcher Jann Horn, could allow an attacker to bypass the Address Space Layout Randomization (ASLR) defense and execute arbitrary code of their choice on a target device under certain circumstances. The flaw resides in Java, which fails to check whether an Object that is being deserialized is actually a serializable object.
Source: https://thehackernews.com/2014/11/billions-of-android-devices-vulnerable.html
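
The missing check described above can be made explicit on the defensive side. The following is an added example, not code from the article or from Android: an `ObjectInputStream` subclass that refuses any class descriptor that does not resolve to a `Serializable` type. The class names (`SerializableCheckDemo`, `Good`, `Evil`, `CheckedObjectInputStream`) are hypothetical, and the test stream is constructed inline.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;

public class SerializableCheckDemo {
    // Constructed sample classes (hypothetical names): one serializable, one not.
    static class Good implements Serializable { private static final long serialVersionUID = 1L; int v = 7; }
    static class Evil { int v; } // deliberately NOT Serializable

    // Hardened stream: every class named in the stream must be a Serializable type.
    static class CheckedObjectInputStream extends ObjectInputStream {
        CheckedObjectInputStream(InputStream in) throws IOException { super(in); }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
            Class<?> cls = super.resolveClass(desc);
            if (!Serializable.class.isAssignableFrom(cls)) {
                throw new InvalidClassException(cls.getName(), "class is not Serializable");
            }
            return cls;
        }
    }

    // Builds a constructed test stream that names a different class.
    // ISO-8859-1 maps bytes 1:1 to chars, so a same-length replace keeps length fields valid.
    static byte[] relabel(byte[] stream, String from, String to) {
        String s = new String(stream, StandardCharsets.ISO_8859_1);
        return s.replace(from, to).getBytes(StandardCharsets.ISO_8859_1);
    }

    static String tryRead(byte[] data) {
        try (ObjectInputStream in = new CheckedObjectInputStream(new ByteArrayInputStream(data))) {
            return "accepted " + in.readObject().getClass().getSimpleName();
        } catch (IOException | ClassNotFoundException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(new Good()); }
        byte[] legit = buf.toByteArray();
        byte[] relabeled = relabel(legit, Good.class.getName(), Evil.class.getName());
        System.out.println(tryRead(legit));     // stream naming the Serializable class
        System.out.println(tryRead(relabeled)); // same stream naming the non-Serializable class
    }
}
```

The check runs in `resolveClass`, before any instance of the named class is created, so a stream that names a non-serializable class is rejected at the descriptor stage.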

