Android Security Bulletin — February 2019:
– most severe of these issues is a critical security vulnerability in Framework that could allow a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process
– no reports of active customer exploitation or abuse of these newly reported issues
Looks like there are vulnerabilities in firmware included
Generally these are not available for devices that no longer have updates from their manufacturer, even with Android ROMs which report an up-to-date security patch level
Sometimes ROMs dont include these security patches even if they are released by the device manufacturer
mastodon.at is a microblogging site that federates with most instances on the Fediverse.