Vulnerabilities > CVE-2021-0992 - Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 12.0

047910
CVSS 3.3 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
NONE
local
low complexity
google
CWE-1021

Summary

In onCreate of PaymentDefaultDialog.java, there is a possible way to change a default payment app without user consent due to tapjack overlay. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-180104327

Vulnerable Configurations

Part Description Count
OS
Google
1