CVE-2021-1032

Name of the Vulnerable Software and Affected Versions Android versions Android-12

Description The issue is related to a side channel information disclosure in the PackageManagerService.java file, specifically in the getMimeGroup function. This could allow an attacker to determine whether an app is installed without needing query permissions, potentially leading to local information disclosure. No additional execution privileges are needed, and user interaction is not required for exploitation.

Recommendations For Android version Android-12, consider restricting access to the getMimeGroup function in PackageManagerService.java to minimize the risk of exploitation until a patch is available. As a temporary workaround, review and limit the use of side channel information to prevent potential disclosure.