Vulnerabilities > CVE-2021-1016 - Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 12.0
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
In onCreate of UsbPermissionActivity.java, there is a possible way to grant an app access to USB without informed user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-183610267
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 1 |