PT-2023-12353 · Google · Android

Published: 2023-10-30 · Updated: 2025-09-30 · CVE-2021-39810

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Android versions prior to the fix for this issue

Description

In NFC, there is a possible way to set up a default contactless payment app without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Recommendations

For versions prior to the fixed version, consider disabling the NFC payment functionality until a patch is available. Restrict access to the default contactless payment app setup to minimize the risk of exploitation. Avoid using the default contactless payment app until the issue is resolved.

Fix

Weakness Enumeration

Missing Authorization

Related Identifiers

ASB-A-212610736
CVE-2021-39810

Affected Products

Android