CVE-2021-0333

Name of the Vulnerable Software and Affected Versions: Android versions 8.1 through 11

Description: The issue is related to a possible permissions bypass due to a tapjacking overlay that obscures the phonebook permissions dialog when a Bluetooth device is connecting. This could lead to local escalation of privilege with User execution privileges needed. User interaction is necessary for exploitation.

Recommendations: For Android versions 8.1 through 11, consider restricting access to the BluetoothPermissionActivity.java until a patch is available. As a temporary workaround, avoid connecting Bluetooth devices that may trigger the phonebook permissions dialog until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.