CVE-2020-0015

Name of the Vulnerable Software and Affected Versions Android versions 8.0 through 10

Description A potential issue in the onCreate method of CertInstaller.java allows a malicious application to overlay the Certificate Installation dialog. This could lead to local escalation of privilege without requiring additional execution privileges. User interaction is necessary for exploitation.

Recommendations For Android versions 8.0 through 10, consider restricting access to the Certificate Installation dialog until a patch is available. As a temporary workaround, avoid installing certificates from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.