CVE-2016-2496

EPSS 0.31%
Veröffentlicht 13.06.2016 01:59:35
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle security@android.com
CVE-Watchlists
Login
Unerledigt
Login

The Framework UI permission-dialog implementation in Android 6.x before 2016-06-01 allows attackers to conduct tapjacking attacks and access arbitrary private-storage files by creating a partially overlapping window, aka internal bug 26677796.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Android Version6.0

Google ≫ Android Version6.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.31%	0.514

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-1021 Improper Restriction of Rendered UI Layers or Frames

The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.

http://source.android.com/security/bulletin/2016-06-01.html

Vendor Advisory

Release Notes

https://android.googlesource.com/platform/frameworks/base/+/613f63b938145bb86cd64fe0752eaf5e99b5f628

Patch

https://android.googlesource.com/platform/frameworks/native/+/03a53d1c7765eeb3af0bc34c3dff02ada1953fbf

Patch

https://android.googlesource.com/platform/packages/apps/PackageInstaller/+/2068c7997265011ddc5e4dfa3418407881f7f81e

Patch

https://nvd.nist.gov/vuln/detail/CVE-2016-2496

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-2496

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-2496

EUVD