CVE-2021-0598

Name of the Vulnerable Software and Affected Versions: Android versions Android-8.1 through Android-11

Description: The issue is related to a possible pairing of untrusted Bluetooth devices due to a tapjacking/overlay attack in the ConfirmConnectActivity.java. This could lead to local escalation of privilege with User execution privileges needed. User interaction is necessary for exploitation.

Recommendations: For Android versions Android-8.1 through Android-11, consider disabling the Bluetooth pairing functionality in ConfirmConnectActivity.java until a patch is available. Restrict access to the ConfirmConnectActivity.java module to minimize the risk of exploitation. Avoid using untrusted Bluetooth devices to prevent potential pairing issues. At the moment, there is no information about a newer version that contains a fix for this vulnerability.