Re: 4 bits one in 16
If you're in a position to flip bits in someone else's pointer aren't you already in control of the application?
Generally not. The typical use-after-free attack, like most stack-smashing attacks, integer-overflow attacks, etc, must leverage the initial violation into a full exploit. Generally that's a process of some complexity - how complex depends on the vulnerability and the application in which it exists. Sometimes it's straightforward, as with many return-into-library exploits. Sometimes it isn't; Ormandy's #GP Trap exploit for Windows is a good example of a complicated one.
So it's quite plausible that you'd have a vulnerability that let you flip bits in a pointer but did not in itself give you much more than that.