PT-2022-14714 · Google · Android

Published 2022-12-01 · Updated 2022-12-15 · CVE-2022-20501

CVSS v3.1: 7.3 High

Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Android versions Android-10 through Android-13

Description

A tapjacking/overlay attack against the onCreate method of EnableAccountPreferenceActivity.java could allow an attacker to mislead a user into enabling a malicious phone account. This could lead to local escalation of privilege. Exploitation requires user interaction and User execution privileges.

Recommendations

For Android versions Android-10 through Android-13, consider restricting access to the EnableAccountPreferenceActivity until a patch is available, and avoid user interactions that could lead to exploitation of this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Clickjacking

Related Identifiers

ASB-A-246933359
CVE-2022-20501

Affected Products

Android