Softpedia reported on Samsung not patching kernel vulnerabilities in non-Lollipop S4 phones.
According to Jonathan Salwan, one of QuarksLAB’s junior security researchers, Samsung took 3 months to acknowledge the bugs (November 2014), and only responded to QuarksLAB’s emails after the company went public with their research on September 21, 2015.
“They just acknowledged the issues, then went silent until this blog post popped,” said Mr. Salwan. “Samsung just confirmed to us that the JB and KK families will not be patched and that the vulnerabilities are only patched on the LL family.”
Because security is a priority.