In onAuthenticated of AuthenticationClient.java, there is a possible tapjacking attack when requesting the user's fingerprint due to an overlaid window. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.0, Android-8.1, Android-9, Android-10, 11; Android ID: A-159249069.
References
Link | Resource |
---|---|
https://source.android.com/security/bulletin/pixel/2021-01-01 | Exploit Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: google_android
Published: 2021-01-11T20:28:56
Updated: 2021-01-11T20:28:56
Reserved: 2020-10-12T00:00:00
Link: CVE-2020-27059
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-01-11T21:15:13.250
Modified: 2021-07-21T11:39:23.747
Link: CVE-2020-27059
JSON object: View
Redhat Information
No data.
CWE