In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by launching the activity in portrait mode first and then rotating it to landscape mode. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
Metrics
Affected Vendors & Products
References
History
Tue, 17 Dec 2024 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Google
Google android |
|
Weaknesses | CWE-1021 | |
CPEs | cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:* cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:* cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:* cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:* |
|
Vendors & Products |
Google
Google android |
|
Metrics |
cvssV3_1
|
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: google_android
Published: 2024-07-09T20:09:16.323Z
Updated: 2024-08-02T01:52:56.409Z
Reserved: 2024-03-29T20:12:39.973Z
Link: CVE-2024-31324
Vulnrichment
Updated: 2024-08-02T01:52:56.409Z
NVD
Status : Analyzed
Published: 2024-07-09T21:15:13.563
Modified: 2024-12-17T19:04:32.343
Link: CVE-2024-31324
Redhat
No data.