CVE-2022-20442

Name of the Vulnerable Software and Affected Versions Android versions Android-10 through Android-12L

Description The issue is related to a tapjacking/overlay attack in the ReviewPermissionsActivity.java file. This could allow granting permissions for a separate app on devices with API level less than 23, potentially leading to local escalation of privilege. User interaction is required for exploitation.

Recommendations For Android versions Android-10 through Android-12L, consider restricting the use of the ReviewPermissionsActivity.java file until a patch is available. As a temporary workaround, avoid using the affected API endpoints related to permission granting until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.