An issue was discovered in SystemUI on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. PendingIntent allows an unprivileged process to access contact numbers. The Samsung ID is SVE-2020-18467 (October 2020).
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26604
Reference (s):
- https://security.samsungmobile.com/securityUpdate.smsb