Iwo Banas

**Name of the Vulnerable Software and Affected Versions** Android 6.x versions prior to 2016-06-01 **Description** The issue is related to the Framework UI permission-dialog implementation, which allows attackers to conduct tapjacking attacks. This can be achieved by creating a partially overlapping window, enabling access to arbitrary private-storage files. The problem is associated with insufficient access control in the Android operating system. **Recommendations** For Android 6.x versions prior to 2016-06-01, consider restricting the use of the permission-dialog implementation until a fix is available. As a temporary workaround, avoid using overlapping windows to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.