Android Tapjacking Vulnerability in WindowInfo WriteToParcel Function Allowing Privilege Escalation

Vulnerability

A vulnerability has been identified in the Android WindowInfo component, specifically in the writeToParcel function. This issue involves a tapjacking or overlay attack, where a user could be manipulated into accepting a permission. Exploitation of this vulnerability could lead to local privilege escalation without requiring additional execution privileges. Notably, user interaction is not necessary for the exploitation to occur.

Impact

Exploitation of this vulnerability could result in unauthorized privilege escalation, allowing a user to gain elevated rights or access within the system.

Added: Mar 2, 2026, 7:35 PM

Updated: Mar 2, 2026, 8:56 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.3

remediation

0.0

relevance

3.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.3

remediation

0.0

relevance

3.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Android Tapjacking Vulnerability in WindowInfo WriteToParcel Function Allowing Privilege Escalation

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating