01642 06 11 11 Arrange Call

Insecure Default Value in addWindow of WindowManagerService.java Allows for Tapjacking and Privilege Escalation

CVE-2020-0099 · HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2020-0099

In addWindow of WindowManagerService.java, there is a possible window overlay attack due to an insecure default value. This could lead to local escalation of privilege via tapjacking with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-141745510

Learn more about our Cis Benchmark Audit For Google Android.