Dirty Stream allows malicious apps to send a file with a manipulated filename or path to another app using a custom intent. The target app is misled into trusting the filename or path and executes or stores the file in a critical directory.
Couldn't Android filter these names so they can't contain a path?
There are a handful of Zeppelin NT semi-rigid airships flying around nowadays. If you want to see a landing and start, I recorded this a few years ago.