CVE-2021-0391

Name of the Vulnerable Software and Affected Versions: Android versions Android-8.1 through Android-11

Description: The issue allows an attacker to learn the existence of an account without permissions due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is necessary for exploitation.

Recommendations: For Android versions Android-8.1 through Android-11, consider restricting access to sensitive account information to minimize the risk of exploitation. As a temporary workaround, avoid using the onCreate() method in ChooseTypeAndAccountActivity.java until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.