The vulnerability could have been used by a malicious apps to gain unwanted access to calling and SMS functions. Silent One has patched it and issued a bounty reward.
When should security researchers go public with vulnerability details, when should they be paid, and when should they publicly demand payment. Read about this case