In several functions of inputDispatcher.cpp, there is a possible way to make toasts clickable due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/3b8aa02ba51f26161519f6465515f619e663bbbf", "https://android.googlesource.com/platform/frameworks/base/+/d100067fd62adb4648e966b3306b9a2f3b1fd38e" ], "spl": "2023-05-01", "types": [ "EoP" ], "severity": "High" }
{ "fixes": [ "https://android.googlesource.com/platform/frameworks/native/+/9cf4a4d4e57d059a4e4119f0a8f2a8be237f28c2", "https://android.googlesource.com/platform/frameworks/native/+/062a867e94dbf811ccca02e7a6a0f0e36465694a", "https://android.googlesource.com/platform/frameworks/native/+/a066d908f6fe28e63ae49327b57fcd31d63fba2d" ], "spl": "2023-05-01", "types": [ "EoP" ], "severity": "High" }