In onCreate of ContactSelectionActivity.java, there is a possible way to get access to contacts without permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "190312185624807943592970628589308963729", "35882184424909055692196935657509236596", "58213294088913198917405689667956433894" ] }, "id": "ASB-A-182809425-110afd27", "source": "https://android.googlesource.com/platform/packages/apps/Contacts/+/ea3e6cdd4152b5878121698f3dde6542b897c191", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/contacts/activities/ContactSelectionActivity.java" }, "signature_type": "Line" }, { "digest": { "length": 578.0, "function_hash": "246741278986562264655030820617111442652" }, "id": "ASB-A-182809425-57ca89de", "source": "https://android.googlesource.com/platform/packages/apps/Contacts/+/ea3e6cdd4152b5878121698f3dde6542b897c191", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/contacts/activities/ContactSelectionActivity.java", "function": "onCreate" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/packages/apps/Contacts/+/ea3e6cdd4152b5878121698f3dde6542b897c191" ], "spl": "2021-07-05", "severity": "High", "types": [ "EoP" ] }