CVE-2021-0487

Name of the Vulnerable Software and Affected Versions: Android versions Android-11

Description: The issue allows for the export of calendar data to the sdcard without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. No user interaction is required for exploitation.

Recommendations: For Android version Android-11, consider restricting access to the calendar data to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the affected CalendarDebugActivity.java functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.