Phishing attacks over Bluetooth due to unclear warning message

2021-11-0100:00:00

Google

osv.dev

0.0004 Low

EPSS

Percentile

5.1%

JSON

In onReceive of BluetoothPermissionRequest.java, there is a possible phishing attack allowing a malicious Bluetooth device to acquire permissions based on insufficient information presented to the user in the consent dialog. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

CPENameOperatorVersion
platform/packages/apps/settingseq9
platform/packages/apps/settingseq11
platform/packages/apps/settingseq10

Name	Operator	Version
platform/packages/apps/settings	eq	9
platform/packages/apps/settings	eq	11
platform/packages/apps/settings	eq	10

References

android.googlesource.com/platform/packages/apps/Settings/+/10e459921953825d34e70cc4da846aac703d913c

android.googlesource.com/platform/packages/apps/Settings/+/65e3c68e6fbfb1d6762718a190416a2bff36962c

android.googlesource.com/platform/packages/apps/Settings/+/80d8b03d027f3dffb85958f849be3b5316791107

android.googlesource.com/platform/packages/apps/Settings/+/8fe8e0fc211d4f36cce2865a17c834573ec25211

android.googlesource.com/platform/packages/apps/Settings/+/a5046f219a545246f244f0dc003eefdeb1dfeb93

android.googlesource.com/platform/packages/apps/Settings/+/fa504b8e01405fa529670b6ac6112d0241c2ff86

source.android.com/security/bulletin/2021-11-01

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for OSV:ASB-A-167403112