In onCreate of BluetoothPermissionActivity.java, there is a possible permissions bypass due to a tapjacking overlay that obscures the phonebook permissions dialog when a Bluetooth device is connecting. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-168504491
References
Link Resource
https://source.android.com/security/bulletin/2021-02-01 Patch Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: google_android

Published: 2021-02-10T16:49:28

Updated: 2021-02-10T16:49:28

Reserved: 2020-11-06T00:00:00


Link: CVE-2021-0333

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2021-02-10T17:15:20.663

Modified: 2021-02-12T15:22:52.477


Link: CVE-2021-0333

JSON object: View

cve-icon Redhat Information

No data.

CWE