CVE-2021-39617

Name of the Vulnerable Software and Affected Versions Android versions Android-11 through Android-12L

Description The issue allows for a tapjacking/overlay attack in the user interface buttons of PermissionController, potentially leading to local escalation of privilege without requiring additional execution privileges. User interaction is necessary for exploitation.

Recommendations For Android versions Android-11 through Android-12L, consider restricting access to the PermissionController interface until a fix is available. As a temporary workaround, avoid using the affected user interface buttons in PermissionController to minimize the risk of exploitation.