Primary

Context

Android MediaProvider and Documents UI Tapjacking Vulnerability Allowing Local Privilege Escalation

Vulnerability

Patched

A tapjacking vulnerability has been identified in the Android MediaProvider and Documents UI components. This issue arises from a logic error in the code, which creates a potential for local privilege escalation. Notably, the vulnerability can be exploited without requiring additional execution privileges or user interaction. Affected devices can be updated to the June 2026 security patch level to address this vulnerability.

Impact

Exploitation of this vulnerability could lead to unauthorized elevation of privileges, allowing a user to gain access to restricted functions or data.

Remediation

Users can update their devices to the June 2026 security patch level to address this vulnerability. For some devices on Android 10 and later, the Google Play system update will include this patch. Instructions for checking and updating the Android version are available on the Google Play support page.

Added: Jun 1, 2026, 10:57 PM

Updated: Jun 1, 2026, 10:57 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.3

remediation

0.0

relevance

9.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.3

remediation

0.0

relevance

9.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Android MediaProvider and Documents UI Tapjacking Vulnerability Allowing Local Privilege Escalation

Vulnerability

Impact

Remediation

Affected Products

Android

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating