If phone manufacterers haven't upgraded their kit since Kitkat, they won't be offering patches.
Although I am willing to stand corrected HP and Lenovo (specifically tablets) !!!
Security firm Zimperium will spend US$1.5 million buying hacks targeting flaws in three-year-old Android KitKat and ancient versions of iOS. The California threat detection company internet arms dealer will splash cash acquiring private exploits against public patched vulnerabilities dating back to at least the 2013 Android …
Didn't Al Capone do this? How is it not a protection racket?
<quote>
The exploits, which require proof-of-concept demonstrations, will also help train the company's internal threat detection systems it sells to clients.
"We will provide ZHA (mobile phone) partners between one to three months advanced notice, before releasing the exploit publicly, unlike most exploit acquisition programs," Avraham says.
</quote>