CVE-2021-0586

Name of the Vulnerable Software and Affected Versions: Android versions Android-8.1 through Android-11

Description: The issue is related to a tapjacking/overlay attack in the DevicePickerFragment.java file, which could trick the user into selecting an unwanted Bluetooth device. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is necessary for exploitation.

Recommendations: For Android versions Android-8.1 through Android-11, consider restricting access to the DevicePickerFragment.java functionality until a patch is available. As a temporary workaround, avoid using the Bluetooth device selection feature in affected Android versions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.