Description: In HarmfulAppWarningActivity of, there is a possible way to trick victim to install harmful app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-205595291
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 1009626

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| android-platform-frameworks-base (PTS) | buster | 1:8.1.0+r23-3 | vulnerable |
| android-platform-frameworks-base (PTS) | sid, trixie | 1:14~beta1-2 | vulnerable |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|

No security impact for Android as provided in Debian, Not accessible in Debian builds
