CVE-2021-0999

7.8 HIGH

📋 TL;DR

CVE-2021-0999 is a local privilege escalation vulnerability in Android 12 that allows attackers to manipulate Bluetooth A2DP device connections without proper permission checks. This could enable unauthorized control over audio routing and potentially facilitate further attacks. Only Android 12 devices are affected.

💻 Affected Systems

Products:
  • Android
Versions: Android 12 only
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Android 12; earlier and later versions are not vulnerable. Pixel devices and other Android 12 implementations are affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could gain elevated privileges to control Bluetooth audio routing, potentially enabling eavesdropping, audio manipulation, or as a stepping stone for further system compromise.

🟠 Likely Case

Local attackers could manipulate Bluetooth audio connections to redirect audio streams or disrupt normal Bluetooth functionality.

🟢 If Mitigated

With proper patching, the vulnerability is eliminated; without patching, limiting Bluetooth usage reduces exposure.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring physical or network access to the device.
🏢 Internal Only: MEDIUM - Malicious apps or users with device access could exploit this without user interaction.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access but no user interaction. The vulnerability is in AndroidManifest.xml broadcast definitions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android Security Patch Level 2021-12-01 or later

Vendor Advisory: https://source.android.com/security/bulletin/pixel/2021-12-01

Restart Required: Yes

Instructions:

1. Check for Android updates in Settings > System > System update.
2. Install the December 2021 security patch or later.
3. Restart the device after installation.

🔧 Temporary Workarounds

Disable Bluetooth when not in use

Reduces attack surface by disabling Bluetooth functionality

Settings > Connected devices > Connection preferences > Bluetooth > Toggle off

Restrict app permissions

Review and limit Bluetooth permissions for installed applications

Settings > Apps > [App Name] > Permissions > Nearby devices > Deny

🧯 If You Can't Patch

  • Disable Bluetooth completely in device settings
  • Use device management policies to restrict Bluetooth usage in enterprise environments

🔍 How to Verify

Check if Vulnerable:

Check the Android version: Settings > About phone > Android version. If it shows Android 12 without the December 2021 security patch, the device is vulnerable.

Check Version:

adb shell getprop ro.build.version.release && adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify Android Security Patch Level: Settings > About phone > Android version > Android security update. Should show 'December 1, 2021' or later.
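
The two getprop values above can be turned into a per-device verdict. The script below is an added example, not part of the vendor advisory: it applies this page's criteria (Android 12 with a patch level older than 2021-12-01) to every device adb lists. The function names are hypothetical, and it assumes adb is on the PATH.

```shell
#!/bin/sh
# Added example: triage devices for CVE-2021-0999 using this page's criteria.
FIXED_SPL="2021-12-01"   # patch level this page lists as fixed

# Convert YYYY-MM-DD to an integer (e.g. 20211201); fail if malformed.
spl_to_int() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9])
            printf '%s\n' "$1" | tr -d '-' ;;
        *) return 1 ;;
    esac
}

# classify RELEASE PATCH -> VULNERABLE, PATCHED, NOT_AFFECTED or UNKNOWN
classify() {
    # getprop output read over adb can carry a trailing carriage return
    release=$(printf '%s' "$1" | tr -d '\r')
    patch=$(printf '%s' "$2" | tr -d '\r')
    if [ -z "$release" ]; then
        echo UNKNOWN; return 0
    fi
    if [ "$release" != "12" ]; then
        echo NOT_AFFECTED; return 0
    fi
    # A missing or malformed patch level is reported, never assumed safe.
    have=$(spl_to_int "$patch") || { echo UNKNOWN; return 0; }
    need=$(spl_to_int "$FIXED_SPL")
    if [ "$have" -ge "$need" ]; then echo PATCHED; else echo VULNERABLE; fi
}

# Query every device that adb reports as online and authorized ("device").
check_connected_devices() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # </dev/null stops "adb shell" from swallowing the serial list on stdin
        rel=$(adb -s "$serial" shell getprop ro.build.version.release </dev/null)
        spl=$(adb -s "$serial" shell getprop ro.build.version.security_patch </dev/null)
        printf '%s\t%s\n' "$serial" "$(classify "$rel" "$spl")"
    done
}
```

Run check_connected_devices with the devices attached; UNKNOWN rows need a manual look in Settings.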

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized Bluetooth A2DP connection state changes in system logs
  • Unexpected broadcast intents related to Bluetooth connections

Network Indicators:

  • Unexpected Bluetooth pairing or connection attempts from untrusted devices

SIEM Query:

source="android_system" AND (event="bluetooth_a2dp_state_change" OR event="broadcast_received") AND user="unprivileged"
