CVE-2021-0536

Name of the Vulnerable Software and Affected Versions: Android versions Android-11

Description: The issue is related to a confused deputy in the WiFiInstaller's dropFile function, allowing the deletion of files accessible to CertInstaller. This could lead to local escalation of privilege without requiring additional execution privileges. User interaction is not necessary for exploitation.

Recommendations: For Android version Android-11, consider restricting access to the WiFiInstaller's dropFile function as a temporary workaround until a patch is available. Additionally, review file permissions accessible to CertInstaller to minimize potential damage. At the moment, there is no information about a newer version that contains a fix for this vulnerability.