Apps can get users to unknowingly perform sensitive actions using custom activity transitions

2021-02-0100:00:00

Google

osv.dev

0.0005 Low

EPSS

Percentile

17.1%

JSON

In loadAnimation of WindowContainer.java, there is a possible way to keep displaying a malicious app while a target app is brought to the foreground. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

CPENameOperatorVersion
platform/frameworks/baseeq9
platform/frameworks/baseeq10
platform/frameworks/baseeq8.1
platform/frameworks/baseeq8.0

Name	Operator	Version
platform/frameworks/base	eq	9
platform/frameworks/base	eq	10
platform/frameworks/base	eq	8.1
platform/frameworks/base	eq	8.0

References

android.googlesource.com/platform/frameworks/base/+/36bcc77337814d4d36e2b10eb062ac417d91611e

android.googlesource.com/platform/frameworks/base/+/4236b3e88fe444e2fbec7aa564fccf8b57c071dd

android.googlesource.com/platform/frameworks/base/+/6de34f8ee714691dbc3c089245bf832006826ebe

android.googlesource.com/platform/frameworks/base/+/8669ef385780b8415412407deec85539a1e7db98

android.googlesource.com/platform/frameworks/base/+/ee11625bb707c3512d4e44a35cc85b0bd14a2478

source.android.com/security/bulletin/2021-02-01

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for OSV:ASB-A-145728687