PT-2021-13110 · Google · Android

Published 2021-04-01 · Updated 2021-04-16 · CVE-2021-0433

CVSS v3.1: 8.0 High

Vector: AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Android versions 8.1 through 11
Description: The issue allows for a possible bypass of user consent when pairing a Bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege and pairing malicious devices with no additional execution privileges needed. User interaction is necessary for exploitation.
Recommendations: For Android versions 8.1 through 11, consider disabling the Bluetooth pairing functionality in DeviceChooserActivity.java as a temporary workaround until a patch is available. Restrict access to the DeviceChooserActivity to minimize the risk of exploitation. Avoid using the affected Bluetooth pairing feature until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Clickjacking

Weakness Enumeration

Related Identifiers

ASB-A-171221090
CVE-2021-0433

Affected Products

Android