Primary

Context

Android Framework Tapjacking Vulnerability Leading to Local Privilege Escalation

Vulnerability

A tapjacking vulnerability has been identified in the Android Framework component, specifically within the WindowState.java file. This issue allows an attacker to manipulate the user into granting permissions by overlaying a deceptive interface. The vulnerability could result in local privilege escalation without requiring additional execution rights. Notably, exploitation of this vulnerability does not involve user interaction.

Impact

Exploitation of this vulnerability could lead to unauthorized elevation of privileges, allowing a user to gain access to restricted functions or data.

Remediation

Users can update their devices to the June 2026 security patch level to address this vulnerability.

Added: Jun 1, 2026, 10:51 PM

Updated: Jun 1, 2026, 10:51 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.0

remediation

0.0

relevance

9.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.0

remediation

0.0

relevance

9.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Android Framework Tapjacking Vulnerability Leading to Local Privilege Escalation

Vulnerability

Impact

Remediation

Affected Products

Android

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating