A five-year-old privilege escalation vulnerability in Android disclosed today affects hundreds of different device models going back to Jelly Bean 4.3. Researchers at FireEye s Mandiant Red Team found the flaw, CVE-2016-2060, in Qualcomm software available from the Code Aurora Forum. The vulnerability allows attackers to escalate privileges on a device, leading to further attacks such as stealing SMS or call logs. Older devices are at the greatest risk; newer devices running Android with SE Android are at a lesser risk.
Source: https://threatpost.com/five-year-old-android-flaw-exposes-sms-call-history/117873/