ASB-A-182809425

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-182809425.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-182809425
Aliases
  • A-182809425
  • CVE-2021-0603
Published
2021-07-01T00:00:00Z
Modified
2024-08-07T19:29:33.949643Z
Summary
Tapjacking in ContactSelectionActivity of AOSP Contacts app leading to contacts info leak
Details

In onCreate of ContactSelectionActivity.java, there is a possible way to get access to contacts without permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

References

Affected packages

Android / platform/packages/apps/Contacts

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2021-07-05

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "190312185624807943592970628589308963729",
                    "35882184424909055692196935657509236596",
                    "58213294088913198917405689667956433894"
                ]
            },
            "id": "ASB-A-182809425-110afd27",
            "source": "https://android.googlesource.com/platform/packages/apps/Contacts/+/ea3e6cdd4152b5878121698f3dde6542b897c191",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/contacts/activities/ContactSelectionActivity.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 578.0,
                "function_hash": "246741278986562264655030820617111442652"
            },
            "id": "ASB-A-182809425-57ca89de",
            "source": "https://android.googlesource.com/platform/packages/apps/Contacts/+/ea3e6cdd4152b5878121698f3dde6542b897c191",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/contacts/activities/ContactSelectionActivity.java",
                "function": "onCreate"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Contacts/+/ea3e6cdd4152b5878121698f3dde6542b897c191"
    ],
    "spl": "2021-07-05",
    "severity": "High",
    "types": [
        "EoP"
    ]
}