CVE-2021-0583

Name of the Vulnerable Software and Affected Versions: Android versions Android-9 through Android-10

Description: The issue is related to a tapjacking/overlay attack in the onCreate of BluetoothPairingDialog, which could enable Bluetooth without user consent. This may lead to local escalation of privilege, requiring User execution privileges. User interaction is necessary for exploitation.

Recommendations: For Android versions Android-9 through Android-10, consider disabling the Bluetooth functionality until a patch is available to prevent potential exploitation. Restrict access to the BluetoothPairingDialog to minimize the risk of escalation of privilege. Avoid using the onCreate method of BluetoothPairingDialog until the issue is resolved.