Firstly, I am aware of this thread.
I have checked and so far there are no new updates for my phone (Samsung Galaxy S5; Lollipop 5.1.1)
Solved! Go to Solution.
The VTS for Android app recently updated. While it still shows cve-2015-6602 as vulnerable, it does provide some additional information.
Apparently, it is fixed in 5.1.1_r9/LMY48K. I'm not that familiar with the different builds. I assume they are labelled in a chronological/alphanumeric way. That is, the LMY48K is a newer build than my current LMY47X. Does this information help at all?
So, the GS5 software doesn't have CVE-2015-6602. It's likely that the next OS update will include a security patch for this.
I'll let you know if I hear anything else
Hope this helps.
Okay thanks FidoStephen! I just find it strange that the VTS app still flagged it as vulnerable...