Improper Input Validation in Android Settings Allows App Spoofing and Privilege Escalation

CVE-2021-39764 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

In Settings, there is a possible way to display an incorrect app name due to improper input validation. This could lead to local escalation of privilege via app spoofing with no additional execution privileges needed. User interaction is needed for exploitation.

Product: Android

Versions: Android-12L

Android ID: A-170642995
