Android Framework Privilege Escalation Vulnerability via Tapjacking Overlay Attack

Vulnerability

A privilege escalation vulnerability has been identified in the Android Framework. This issue arises from a tapjacking or overlay attack, which allows for local escalation of privileges without requiring additional execution rights or user interaction. The vulnerability is present in multiple versions of the Android Framework.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing a user or application to gain elevated rights or access within the system.

Reproduction

The vulnerability can be reproduced by displaying a custom Toast message with modified window animations. This can be done by creating a legacy app that uses deprecated custom views to show Toasts. When the Toast is displayed, its WindowManager.LayoutParams can be adjusted to include a custom animation, such as a fade-out effect. Regular SystemUI Toasts are not affected, while the untrusted Toast can be hidden quickly once it is shown, creating a tapjacking scenario.

Remediation

Users can update to the latest version of Android to address this vulnerability. Instructions for checking and updating Android versions are available on the Google Support website.

Added: Sep 4, 2025, 7:38 PM
Updated: Sep 4, 2025, 7:38 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 5.7
remediation: 0.0
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.