PT-2021-13244 · Google · Android

Published: 2021-07-01 · Updated: 2021-07-16 · CVE-2021-0603

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Android, version Android-11
Description: The issue is a tapjacking/overlay attack in the onCreate method of ContactSelectionActivity.java that allows access to contacts without permission. This could lead to local escalation of privilege. Exploitation requires User execution privileges and user interaction.
Recommendations: For Android-11, consider restricting access to ContactSelectionActivity until a patch is available, or apply configuration changes that minimize the risk of exploitation, such as disabling overlays. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Clickjacking

Weakness Enumeration

Related Identifiers

ASB-A-182809425
CVE-2021-0603

Affected Products

Android