CVE-2021-0478
📋 TL;DR
This vulnerability allows local privilege escalation on Android devices by bypassing permission checks. An uncaught exception in the status bar icon update process enables attackers to run foreground services without user notification. Affects Android 8.1 through 11 with user execution privileges required.
💻 Affected Systems
- Android
📦 What is this software?
Android by Google
Android by Google
Android by Google
Android by Google
⚠️ Risk & Real-World Impact
Worst Case
Attacker gains persistent elevated privileges, installs malware, accesses sensitive data, and maintains stealthy persistence on the device.
Likely Case
Malicious app escalates privileges to run foreground services without user consent, potentially enabling data theft or further exploitation.
If Mitigated
Limited impact if device is patched, has minimal apps installed, and runs with restricted permissions.
🎯 Exploit Status
Requires local access and user to install/execute malicious app. No user interaction needed after initial execution.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Android Security Patch Level 2021-06-01 or later
Vendor Advisory: https://source.android.com/security/bulletin/2021-06-01
Restart Required: Yes
Instructions:
1. Check for system updates in Settings > System > Advanced > System update. 2. Install Android Security Patch Level 2021-06-01 or later. 3. Reboot device after installation.
🔧 Temporary Workarounds
Restrict app installations
androidOnly install apps from trusted sources like Google Play Store and disable unknown sources installation.
Settings > Security > Install unknown apps > Disable for all apps
Review app permissions
androidRegularly audit and restrict app permissions, especially for apps requesting unusual privileges.
Settings > Apps & notifications > [App name] > Permissions
🧯 If You Can't Patch
- Implement mobile device management (MDM) with strict app whitelisting
- Monitor for unusual foreground service activity and privilege escalation attempts
🔍 How to Verify
Check if Vulnerable:
Check Android version and security patch level in Settings > About phone > Android version and Security patch level.Check Version:
adb shell getprop ro.build.version.security_patchVerify Fix Applied:
Verify Security patch level is 2021-06-01 or later in Settings > About phone > Security patch level.📡 Detection & Monitoring
Log Indicators:
- Unusual foreground service starts without user interaction
- Permission denial exceptions in system_server logs
- StatusBarIconView update failures
Network Indicators:
- Unusual network traffic from foreground services
SIEM Query:
source="android_logs" AND ("StatusBarIconView" OR "updateDrawable" OR "foreground service" AND "permission")