PT-2021-13368 · Google · Android

Published

2021-12-01

Updated

2021-12-20

CVE-2021-0953

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Android versions Android-9 through Android-12

Description The issue is related to an unsafe PendingIntent in the setOnClickActivityIntent of SearchWidgetProvider.java. This could allow access to contacts and history bookmarks without permission, leading to local escalation of privilege. User interaction is not needed for exploitation, and the required execution privileges are those of a User.

Recommendations For Android versions Android-9 through Android-12, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Preservation of Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-281

Related Identifiers

ASB-A-184046278

CVE-2021-0953

Affected Products

Android

PT-2021-13368 · Google · Android

CVE-2021-0953

Weakness Enumeration

Related Identifiers

Affected Products

References · 5