← back
CVE-2024-31324

CVE-2024-31324

CVSS 7.8 HIGHEPSS 0.1%CWE-1021
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.8EPSS 0.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
09 Jul 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by launching the activity in portrait mode first and then rotating it to landscape mode. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Google · Android

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://android.googlesource.com/platform/frameworks/base/+/f16cc1135b414906164eb8fc55a76971b0e36c21https://source.android.com/security/bulletin/2024-06-01