CVE-2016-2496

Name of the Vulnerable Software and Affected Versions Android 6.x versions prior to 2016-06-01

Description The issue is related to the Framework UI permission-dialog implementation, which allows attackers to conduct tapjacking attacks. This can be achieved by creating a partially overlapping window, enabling access to arbitrary private-storage files. The problem is associated with insufficient access control in the Android operating system.

Recommendations For Android 6.x versions prior to 2016-06-01, consider restricting the use of the permission-dialog implementation until a fix is available. As a temporary workaround, avoid using overlapping windows to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.