CVE-2021-0953
📋 TL;DR
This vulnerability allows malicious apps to access contacts and browser history bookmarks without proper permissions by exploiting an unsafe PendingIntent in Android's search widget. It affects Android devices running versions 9 through 12, requiring only local app execution privileges for exploitation.
💻 Affected Systems
- Android
📦 What is this software?
Android by Google
⚠️ Risk & Real-World Impact
Worst Case
Malicious app could exfiltrate sensitive contact information and browsing history, potentially leading to identity theft, phishing attacks, or blackmail.
Likely Case
Malware could silently harvest contact lists and browsing history for targeted advertising, spam campaigns, or social engineering attacks.
If Mitigated
With proper app sandboxing and permission controls, impact is limited to data accessible by the vulnerable component only.
🎯 Exploit Status
Exploitation requires creating a malicious app that can be installed on the target device and executed locally.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Android Security Bulletin December 2021 patches
Vendor Advisory: https://source.android.com/security/bulletin/2021-12-01
Restart Required: Yes
Instructions:
1. Check for system updates in Settings > System > System update.
2. Install the December 2021 Android security patch.
3. Reboot the device after installation.
🔧 Temporary Workarounds
Disable search widget
Remove or disable the search widget from home screens to eliminate the vulnerable component.
Long press on search widget > Remove or Disable
Restrict app installations
Only install apps from trusted sources such as the Google Play Store.
Settings > Security > Install unknown apps > Disable for all apps
🧯 If You Can't Patch
- Implement mobile device management (MDM) to control app installations
- Use app whitelisting to prevent installation of untrusted applications
🔍 How to Verify
Check if Vulnerable:
Check the Android version in Settings > About phone > Android version. If the version is 9, 10, 11, or 12 and the security patch level is earlier than December 2021, the device is vulnerable.
Check Version:
adb shell getprop ro.build.version.release
Verify Fix Applied:
Check Security patch level in Settings > About phone > Android version. Verify it shows 'December 1, 2021' or later.
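The two checks above, combined into one POSIX shell function as an added example (not part of this advisory): it takes the values that `adb shell getprop` returns for `ro.build.version.release` and `ro.build.version.security_patch` (the standard Android property holding the patch level) and reports whether the device is in the affected 9 to 12 range with a patch level earlier than 2021-12-01. The function and wrapper names are my own.

```shell
#!/bin/sh
# Added example, not from the advisory: classify a device from the two
# build properties that `adb shell getprop` returns.
#   ro.build.version.release        -> e.g. "11", "12", "12L", "8.1.0"
#   ro.build.version.security_patch -> e.g. "2021-11-05" (YYYY-MM-DD)
#
# Exit status: 0 = affected and unpatched, 1 = out of range or patched,
#              2 = input could not be parsed.
cve_2021_0953_vulnerable() {
    release="$1"
    patch="$2"

    # Major version = leading digits ("12L" and "12.1" both reduce to 12).
    major="${release%%[!0-9]*}"
    [ -n "$major" ] || return 2

    # Only Android 9 through 12 are affected.
    if [ "$major" -lt 9 ] || [ "$major" -gt 12 ]; then
        return 1
    fi

    # Patch level must look like YYYY-MM-DD; compare it as an integer
    # (YYYYMMDD) against the December 2021 bulletin level.
    case "$patch" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 2 ;;
    esac
    pnum=$(printf '%s' "$patch" | tr -d '-')
    [ "$pnum" -lt 20211201 ]
}

# Query the device connected over adb (needs adb in PATH and USB debugging).
# adb shell output may carry a trailing CR, hence the tr.
check_device() {
    rel=$(adb shell getprop ro.build.version.release | tr -d '\r')
    pl=$(adb shell getprop ro.build.version.security_patch | tr -d '\r')
    status=0
    cve_2021_0953_vulnerable "$rel" "$pl" || status=$?
    case $status in
        0) echo "VULNERABLE: Android $rel, security patch level $pl" ;;
        1) echo "not affected or patched: Android $rel, patch level $pl" ;;
        *) echo "could not parse: release='$rel' patch='$pl'" ;;
    esac
}
```

Run `check_device` against each enrolled device to get a fleet-wide list of handsets still missing the December 2021 patch level.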
📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns to contacts or browser history databases
- Apps requesting permissions they shouldn't need
Network Indicators:
- Unexpected data exfiltration from device containing contact or browsing data
SIEM Query:
source="android_logs" AND (event="contact_access" OR event="browser_history_access") AND app NOT IN ("trusted_apps_list")