ASB-A-141745510 — Vulnetix

ASB-A-141745510 PUBLISHED

In addWindow of WindowManagerService.java, there is a possible window overlay attack due to an insecure default value. This could lead to local escalation of privilege via tapjacking with no additional execution privileges needed. User interaction is needed for exploitation.

Affected Products

Vendor	Product	Versions
platform	frameworks/base	8.0:0, 8.0, 8.1:0

Timeline

Dec 1, 2020 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2020-12-01 advisory
https://android.googlesource.com/platform/frameworks/base/+/d0746b46a5d8049a7105a16eb25c44810376527e patch

Open in Interactive Console →