CVE-2020-0099

HIGH

Android 8.0-10 - Unauthenticated Local Privilege Escalation via Tapjacking

Title source: llm

Description

In addWindow of WindowManagerService.java, there is a possible window overlay attack due to an insecure default value. This could lead to local escalation of privilege via tapjacking with no additional execution privileges needed. User interaction is needed for exploitation.

Product: Android
Versions: Android-8.0 Android-8.1 Android-9 Android-10
Android ID: A-141745510

References (1)

Core References
Patch, Vendor Advisory x_refsource_misc
https://source.android.com/security/bulletin/2020-12-01

Scores

CVSS v3 7.8
EPSS 0.0053
EPSS Percentile 40.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-1188
Status published
Products (4)
google/android 8.0
google/android 8.1
google/android 9.0
google/android 10.0
Published Dec 14, 2020
Tracked Since Feb 18, 2026