In onCreate of EnableAccountPreferenceActivity.java, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 245.0, "function_hash": "154270236169330912437872144573544089928" }, "id": "ASB-A-246933359-2d747a16", "source": "https://android.googlesource.com/platform/packages/services/Telecomm/+/a7d57ace5819c4eef340aaf6744ad441d0369035", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/server/telecom/settings/EnableAccountPreferenceActivity.java", "function": "onCreate" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "320289821939055675549952624027794498453", "96961415491038917953009970649486956067", "70238020157878442178950549376738510749", "62743758544484059513720788751842644535", "285738201064597834006436556479051549380", "319483709314350051125391354452465839608", "218636688842431018377560863361731694344", "300316977321693419332182848524026739926" ] }, "id": "ASB-A-246933359-fd099c12", "source": "https://android.googlesource.com/platform/packages/services/Telecomm/+/a7d57ace5819c4eef340aaf6744ad441d0369035", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/server/telecom/settings/EnableAccountPreferenceActivity.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/packages/services/Telecomm/+/a7d57ace5819c4eef340aaf6744ad441d0369035" ], "spl": "2022-12-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 245.0, "function_hash": "154270236169330912437872144573544089928" }, "id": "ASB-A-246933359-b528d839", "source": "https://android.googlesource.com/platform/packages/services/Telecomm/+/a7d57ace5819c4eef340aaf6744ad441d0369035", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/server/telecom/settings/EnableAccountPreferenceActivity.java", "function": "onCreate" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "320289821939055675549952624027794498453", "96961415491038917953009970649486956067", "70238020157878442178950549376738510749", "62743758544484059513720788751842644535", "285738201064597834006436556479051549380", "319483709314350051125391354452465839608", "218636688842431018377560863361731694344", "300316977321693419332182848524026739926" ] }, "id": "ASB-A-246933359-f71949af", "source": "https://android.googlesource.com/platform/packages/services/Telecomm/+/a7d57ace5819c4eef340aaf6744ad441d0369035", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/server/telecom/settings/EnableAccountPreferenceActivity.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/packages/services/Telecomm/+/a7d57ace5819c4eef340aaf6744ad441d0369035" ], "spl": "2022-12-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "320289821939055675549952624027794498453", "96961415491038917953009970649486956067", "70238020157878442178950549376738510749", "62743758544484059513720788751842644535", "285738201064597834006436556479051549380", "319483709314350051125391354452465839608", "218636688842431018377560863361731694344", "300316977321693419332182848524026739926" ] }, "id": "ASB-A-246933359-009398e8", "source": "https://android.googlesource.com/platform/packages/services/Telecomm/+/a7d57ace5819c4eef340aaf6744ad441d0369035", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/server/telecom/settings/EnableAccountPreferenceActivity.java" }, "signature_type": "Line" }, { "digest": { "length": 245.0, "function_hash": "154270236169330912437872144573544089928" }, "id": "ASB-A-246933359-8914fb9c", "source": "https://android.googlesource.com/platform/packages/services/Telecomm/+/a7d57ace5819c4eef340aaf6744ad441d0369035", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/server/telecom/settings/EnableAccountPreferenceActivity.java", "function": "onCreate" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/packages/services/Telecomm/+/a7d57ace5819c4eef340aaf6744ad441d0369035" ], "spl": "2022-12-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 245.0, "function_hash": "154270236169330912437872144573544089928" }, "id": "ASB-A-246933359-13317206", "source": "https://android.googlesource.com/platform/packages/services/Telecomm/+/a7d57ace5819c4eef340aaf6744ad441d0369035", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/server/telecom/settings/EnableAccountPreferenceActivity.java", "function": "onCreate" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "320289821939055675549952624027794498453", "96961415491038917953009970649486956067", "70238020157878442178950549376738510749", "62743758544484059513720788751842644535", "285738201064597834006436556479051549380", "319483709314350051125391354452465839608", "218636688842431018377560863361731694344", "300316977321693419332182848524026739926" ] }, "id": "ASB-A-246933359-ae6a4686", "source": "https://android.googlesource.com/platform/packages/services/Telecomm/+/a7d57ace5819c4eef340aaf6744ad441d0369035", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/server/telecom/settings/EnableAccountPreferenceActivity.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/packages/services/Telecomm/+/a7d57ace5819c4eef340aaf6744ad441d0369035" ], "spl": "2022-12-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 245.0, "function_hash": "154270236169330912437872144573544089928" }, "id": "ASB-A-246933359-344f4600", "source": "https://android.googlesource.com/platform/packages/services/Telecomm/+/a7d57ace5819c4eef340aaf6744ad441d0369035", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/server/telecom/settings/EnableAccountPreferenceActivity.java", "function": "onCreate" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "320289821939055675549952624027794498453", "96961415491038917953009970649486956067", "70238020157878442178950549376738510749", "62743758544484059513720788751842644535", "285738201064597834006436556479051549380", "319483709314350051125391354452465839608", "218636688842431018377560863361731694344", "300316977321693419332182848524026739926" ] }, "id": "ASB-A-246933359-decf1620", "source": "https://android.googlesource.com/platform/packages/services/Telecomm/+/a7d57ace5819c4eef340aaf6744ad441d0369035", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/server/telecom/settings/EnableAccountPreferenceActivity.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/packages/services/Telecomm/+/a7d57ace5819c4eef340aaf6744ad441d0369035" ], "spl": "2022-12-01", "severity": "High", "types": [ "EoP" ] }