CVE-2020-0099

HIGH

Android - Privilege Escalation

Description

In addWindow of WindowManagerService.java, there is a possible window overlay attack due to an insecure default value. This could lead to local escalation of privilege via tapjacking with no additional execution privileges needed. User interaction is needed for exploitation.

Product: Android
Versions: Android-8.0 Android-8.1 Android-9 Android-10
Android ID: A-141745510

Scores

CVSS v3 7.8
EPSS 0.0004
EPSS Percentile 10.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-1188
Status published
Products (4)
google/android 8.0
google/android 8.1
google/android 9.0
google/android 10.0
Published Dec 14, 2020
Tracked Since Feb 18, 2026