CVE-2020-0394

Name of the Vulnerable Software and Affected Versions Android versions 8.0 through 11

Description A possible tapjacking vector exists due to an insecure default value in the onCreate method of BluetoothPairingDialog.java. This could lead to local escalation of privilege, allowing untrusted devices to access contact lists without needing additional execution privileges. User interaction is required for exploitation.

Recommendations For Android versions 8.0 through 11, consider restricting access to the BluetoothPairingDialog until a patch is available. As a temporary workaround, avoid using the Bluetooth pairing feature in these versions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.