Description

In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by launching the activity in portrait mode first and then rotating it to landscape mode. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

Related CPE's

o

google

android

4

References

https://android.googlesource.com/platform/frameworks/base/+/f16cc1135b414906164eb8fc55a76971b0e36c21

Mailing ListPatch

https://source.android.com/security/bulletin/2024-06-01

PatchVendor Advisory

https://android.googlesource.com/platform/frameworks/base/+/f16cc1135b414906164eb8fc55a76971b0e36c21

Mailing ListPatch

https://source.android.com/security/bulletin/2024-06-01

PatchVendor Advisory

Weaknesses

[email protected]

Primary
CWE-1021

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary
CWE-1021

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

7.3 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2024-07-09T19:15:13.563Z

1 year ago

Last modified

2025-03-15T15:15:12.107Z

12 months ago