Main Vulnerability Database SB2020121105

SB2020121105 - Privilege escalation in Google Android

Published: December 11, 2020

Security Bulletin ID SB2020121105

Severity

Medium

Patch available

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Race condition (CVE-ID: CVE-2020-27059)

The vulnerability allows a malicious application to elevate privileges on the system.

The vulnerability exists due to a race condition when processing two activities, related to fingerprint input. A malicious application installed on the device can bypass mitigations, implemented by Android and gain elevated privileges within the system.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://www.darkreading.com/threat-intelligence/fingerprint-jacking-attack-technique-manipulates-android-ui-/d/d-id/1339684