{"id":"ASB-A-182809425", "published":"2021-07-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2021-0603", "A-182809425"], "details":"In onCreate of ContactSelectionActivity.java, there is a possible way to get access to contacts without permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.", "affected":[{"package":{"name":"platform/packages/apps/Contacts", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2021-07-05"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Contacts/+/ea3e6cdd4152b5878121698f3dde6542b897c191"], "severity":"High", "spl":"2021-07-05", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["190312185624807943592970628589308963729", "35882184424909055692196935657509236596", "58213294088913198917405689667956433894"], "threshold":0.9}, "id":"ASB-A-182809425-110afd27", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Contacts/+/ea3e6cdd4152b5878121698f3dde6542b897c191", "target":{"file":"src/com/android/contacts/activities/ContactSelectionActivity.java"}}, {"deprecated":false, "digest":{"function_hash":"246741278986562264655030820617111442652", "length":578}, "id":"ASB-A-182809425-57ca89de", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Contacts/+/ea3e6cdd4152b5878121698f3dde6542b897c191", "target":{"file":"src/com/android/contacts/activities/ContactSelectionActivity.java", "function":"onCreate"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2021-07-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/packages/apps/Contacts/+/19ff4ed838d4ec83cd10eeac80878205f8817e69"}]}