CVE-2021-0506
HIGHAndroid - Tapjacking/Overlay Attack via ActivityPicker Intent Resolution
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2021-0506. PoCs published by Satheesh575555.
AI-analyzed exploit summary This repository contains source code files from the Android Open Source Project (AOSP) Settings app, specifically targeting CVE-2021-0506. The files appear to be part of a technical analysis or patch review, as they include modified or vulnerable components such as `ActivityPicker.java` and other Settings-related classes. No exploit code is present, but the files provide context for understanding the vulnerability.
Description
In ActivityPicker.java, there is a possible bypass of user interaction in intent resolution due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-181962311
Exploits (1)
This repository contains source code files from the Android Open Source Project (AOSP) Settings app, specifically targeting CVE-2021-0506. The files appear to be part of a technical analysis or patch review, as they include modified or vulnerable components such as `ActivityPicker.java` and other Settings-related classes. No exploit code is present, but the files provide context for understanding the vulnerability.
References (1)
Scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H