CVE-2021-0302

HIGH

Android - Tapjacking Attack via Insecure Default Value in PackageInstaller

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-0302. PoCs published by ShaikUsaf.

AI-analyzed exploit summary This repository contains source code files from the Android Open Source Project (AOSP) related to CVE-2021-0302, a vulnerability in the PackageInstaller component. The files include UI and logic components but do not contain an exploit or proof-of-concept code.

Description

In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10Android ID: A-155287782

Exploits (1)

nomisec WRITEUP

by ShaikUsaf · poc

https://github.com/ShaikUsaf/packages_apps_PackageInstaller_AOSP10_r33_CVE-2021-0302

View Code ZIP pw:eip

This repository contains source code files from the Android Open Source Project (AOSP) related to CVE-2021-0302, a vulnerability in the PackageInstaller component. The files include UI and logic components but do not contain an exploit or proof-of-concept code.

Classification

Writeup 90%

Attack Type

Other

Complexity

Moderate

Reliability

Theoretical

Target: Android PackageInstaller (AOSP 10 r33)

No auth needed

Prerequisites: Access to vulnerable Android device

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://source.android.com/security/bulletin/2021-02-01

Scores

CVSS v3 7.8

EPSS 0.0070

EPSS Percentile 48.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-1021

Status published

Products (3)

google/android 8.1

google/android 9.0

google/android 10.0

Published Feb 10, 2021

Tracked Since Feb 18, 2026