Vulnetix
Try Vulnetix Request Demo
ASB-A-197296414 PUBLISHED

In several functions of inputDispatcher.cpp, there is a possible way to make toasts clickable due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Products

VendorProductVersions
platformframeworks/native12, 13-next:0, 11:0
platformframeworks/base13-next, 11:0, 11

Timeline

References

Open in Interactive Console →