CVE-2021-0550

Name of the Vulnerable Software and Affected Versions: Android versions Android-11

Description: The issue is related to a confused deputy in the onLoadFailed method of AnnotateActivity.java, which could allow gaining WRITE EXTERNAL STORAGE permissions without user consent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not required for exploitation.

Recommendations: For Android version Android-11, consider restricting the use of the WRITE EXTERNAL STORAGE permission to minimize the risk of exploitation until a patch is available. As a temporary workaround, review and restrict access to sensitive external storage to prevent potential abuse.