“Toast” Vulnerability in Android Allowed for New Overlay Attacks

Tracked as CVE-2017-0752 and described as an elevation of privilege vulnerability in the Android framework (windowmanager), the bug abuses the “Toast” notifications in the operating system to modify what users see on the screen. Unlike similar overlay attacks, however, the new method does not require specific permissions or conditions to be effective, Palo Alto’s security …

Patch your Android device to foil Toast Overlay attacks

Overlay attacks are nothing new for Android users, and Palo Alto Networks Unit 42 researchers have found yet another way for attackers to perpetrate them. An “overlay attack” allows an attacker’s app to lay windows over other windows and apps running on the device, effectively tricking users into clicking on buttons and allowing actions that …