CVE-2021-0539

Name of the Vulnerable Software and Affected Versions: Android version Android-11

Description: In the archiveStoredConversation function of MmsService.java, there is a possible way to archive message conversations without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Recommendations: For Android version Android-11, consider restricting access to the archiveStoredConversation function in MmsService.java to minimize the risk of exploitation. As a temporary workaround, disabling the archiveStoredConversation function until a patch is available could help mitigate the issue.