Описание
The Accessibility services in Android 7.0 before 2016-10-01 mishandle motion events, which allows attackers to conduct touchjacking attacks and consequently gain privileges via a crafted application, aka internal bug 30647115.
Ссылки
- Vendor Advisory
- https://android.googlesource.com/platform/frameworks/base/+/5f256310187b4ff2f13a7abb9afed9126facd7bcIssue TrackingPatch
- Vendor Advisory
- https://android.googlesource.com/platform/frameworks/base/+/5f256310187b4ff2f13a7abb9afed9126facd7bcIssue TrackingPatch
Уязвимые конфигурации
Конфигурация 1Версия до 7.0 (включая)
cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
EPSS
Процентиль: 23%
0.00079
Низкий
5.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-284
Связанные уязвимости
CVSS3: 5.5
ubuntu
больше 9 лет назад
The Accessibility services in Android 7.0 before 2016-10-01 mishandle motion events, which allows attackers to conduct touchjacking attacks and consequently gain privileges via a crafted application, aka internal bug 30647115.
CVSS3: 5.5
github
больше 3 лет назад
The Accessibility services in Android 7.0 before 2016-10-01 mishandle motion events, which allows attackers to conduct touchjacking attacks and consequently gain privileges via a crafted application, aka internal bug 30647115.
EPSS
Процентиль: 23%
0.00079
Низкий
5.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-284