In notification access permission dialog box, malicious application can embedded a very long service label that overflow the original user prompt and possibly contains mis-leading information to be appeared as a system message for user confirmation.
Weakness
The product does not properly verify that the source of data or communication is valid.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Android | 10.0 (including) | 10.0 (including) | |
| Android | 11.0 (including) | 11.0 (including) | |
| Android | 12.1 (including) | 12.1 (including) | |
| Android | 13.0 (including) | 13.0 (including) |
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/111.html
- https://cwe.mitre.org/data/definitions/141.html
- https://cwe.mitre.org/data/definitions/142.html
- https://cwe.mitre.org/data/definitions/160.html
- https://cwe.mitre.org/data/definitions/21.html
- https://cwe.mitre.org/data/definitions/384.html
- https://cwe.mitre.org/data/definitions/385.html
- https://cwe.mitre.org/data/definitions/386.html
- https://cwe.mitre.org/data/definitions/387.html
- https://cwe.mitre.org/data/definitions/388.html
- https://cwe.mitre.org/data/definitions/510.html
- https://cwe.mitre.org/data/definitions/59.html
- https://cwe.mitre.org/data/definitions/60.html
- https://cwe.mitre.org/data/definitions/75.html
- https://cwe.mitre.org/data/definitions/76.html
- https://cwe.mitre.org/data/definitions/89.html