CVE-2021-39781

Name of the Vulnerable Software and Affected Versions Android versions Android-12L

Description In SmsController, there is a possible information disclosure due to a permissions bypass. This could lead to local escalation of privilege and sending sms with no additional execution privileges needed. User interaction is not needed for exploitation.

Recommendations For Android versions Android-12L, consider restricting access to the SmsController until a patch is available. As a temporary workaround, avoid using the SmsController for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.