Tapjacking Vulnerability in Car Settings App Allows Unauthorized Modification of System Settings

Tapjacking Vulnerability in Car Settings App Allows Unauthorized Modification of System Settings

CVE-2022-20214 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack. Attackers can overlay the toggle button to enable apps to modify system settings without user consent.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183411210

Learn more about our Cis Benchmark Audit For Google Android.