Do we have any official feedback related to the story regarding missing security patches?
There is an app called SnoopSnitch (https://opensource.srlabs.de/projects/snoopsnitch) which attempts to verify those installed. Both my Nokia 6 at 1 March 2018 and a Samsung s8 at 1 February 2018 only report up to 2017/12 so I assume it isn't being updated but my Nokia 6 does report that some of the patches are missing. I have no idea how thorough these tests are, but I would hope that before it states a patch is missing it verifies that the phone is vulnerable in the first instance e.g. that it has a broadcom WiFi chip when assessing CVE-2017-3544.