These advisories are being released in accordance with the Zero Day Initiative’s Disclosure Policy for when a vendor does not issue a security patch for a disclosed vulnerability.
And because Apple is no longer providing security updates for Quick Time on Windows, these vulnerabilities are never going to be patched.
Mobile threats are trending upward, with vulnerability exploits gaining traction. More of these vulnerabilities are also disclosed, analyzed and detected.
This helps better mitigate Android devices from zero-days and malware, enabling OEMs/vendors to more proactively respond to these threats.
CVE-2016-3915 and CVE-2016-3916 can be set off by malicious apps and attacks triggered from Android’s interprocess communication mechanism (Binder call).