Primary

Context

Android Framework Tapjacking Vulnerability Leading to Privilege Escalation

Vulnerability

A tapjacking vulnerability has been identified in the Android Framework, specifically in the Package Installer component. This issue allows an overlay attack on the installation confirmation dialog, potentially leading to local privilege escalation. The vulnerability exists in multiple versions of Android and can be exploited without any additional execution privileges or user interaction.

Impact

Exploitation of this vulnerability could result in unauthorized access to elevated privileges, allowing a user to perform actions or access resources that are normally restricted.

Remediation

Users can update their devices to the March 2025 security patch level to address this vulnerability.

Added: Aug 26, 2025, 11:34 PM

Updated: Aug 26, 2025, 11:34 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.3

remediation

0.0

relevance

0.4

threat

3.2

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.3

remediation

0.0

relevance

0.4

threat

3.2

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Android Framework Tapjacking Vulnerability Leading to Privilege Escalation

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating