Insecure Default Value in addWindow of WindowManagerService.java Allows for Tapjacking and Privilege Escalation
CVE-2020-0099 · HIGH Severity
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
In addWindow of WindowManagerService.java, there is a possible window overlay attack due to an insecure default value. This could lead to local escalation of privilege via tapjacking with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-141745510
Learn more about our Cis Benchmark Audit For Google Android.