With this vulneraility attackers can allow android most sensitive permission accessibility automatically with the help of antivirus like avast or any Playstore apps using 2 accessibility service

In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.