CVE-2021-0307
11.01.2021, 22:15
In updatePermissionSourcePackage of PermissionManagerService.java, there is a possible automatic runtime permission grant due to a confused deputy. This could lead to local escalation of privilege allowing a malicious app to silently gain access to a dangerous permission with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Android ID: A-155648771.Enginsight
Vendor | Product | Version |
---|---|---|
android | 10.0 | |
android | 11.0 |
𝑥
= Vulnerable software versions