Just raising awareness of a new security concern. This Symantec blog post has the details:
Android Vulnerability to Privilege Escalation - Lollipop is the only Exception https://www-secure.symantec.com/connect/blogs/android-vulnerability-privilege-escalation-lollipop-only-exception
"As of now, in order to exploit this vulnerability, one need to get a malicious app installed onto the target device."
Many thanks,
Mick