Tuesday, May 6, 2025
HomeCVE/vulnerabilityBeware!! All Android Versions Up to 7.0 are Vulnerable to Toast Overlay...

Beware!! All Android Versions Up to 7.0 are Vulnerable to Toast Overlay Attack

Published on

SIEM as a Service

Follow Us on Google News

Cloak & Dagger is a new class of potential attacks affecting Android devices. These attacks allow a malicious app to completely control the UI feedback loop and take over the device — without giving the user a chance to notice the malicious activity.

Security experts from Palo Alto Networks discovered a vulnerability with Android overlay system which allows an attack by Toast type Overlay. Every android devices less than 8.0 are vulnerable to this attack.

Overlay attacks allow an attacker to draw on top of other windows and apps running on the affected device. With this recently found overlay assault does not require a particular permissions or conditions to be compelling. Malware propelling this assault does not have to have the overlay consent or to be introduced from Google Play.

- Advertisement - Google News

Also Read Millions of Android Phones including latest Versions Vulnerable

With these permissions are in all actuality, various effective assaults can be propelled on the device, including taking credentials, introducing applications silently, and locking the device for the payment.

Cloak and Dagger work by adjusting locales of the screen to change what the victim sees, deceiving them into empowering further permissions or recognizing their input data sources.CVE-2017-0752 was assigned for this vulnerability and it was fixed with security patch released on 2017-09-01, with the fix for a subset of vulnerabilities that are similar across all Android devices.

Vulnerability on Android OS

Experts say Toast overlay is normally used to show a rapid message over all different applications. For instance, a message showing that an email has been spared as the draft when a client explores away without sending an email.

It normally acquires all configuration options with respect to different windows sorts. Be that as it may, our examination has discovered utilizing the Toast window as an overlay window permits an application to compose over the interface of another App without asking for the SYSTEM_ALERT_WINDOW benefit this ordinarily requires.

Vulnerability occurs due to lack of permission checks in code validation with Android AOSP (version <= 7.0) and with Android OS version 7.1 it has multiple layers of mitigation, First layer forcibly due to lack maximum timeout and second mitigation, Android 7.1 allows only one Toast window per app to be shown at a time.

Through the overlay attack, an installed malicious app can fool the user into giving the app Device Administrator permissions. With this, it will have the capability to launch deadly attacks, including:

  1. Locking the device screen
  2. Resetting the device PIN
  3. Wiping the device’s data
  4. Preventing the user from uninstalling the App

Google patched and disclosed this vulnerability on September 5th of 2017.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Signal App Used by Trump Associate Targeted in Security Breach

A major security scare has erupted in Washington after reports emerged that a Trump...

CISA Issues Alert on Langflow Vulnerability Actively Exploited in Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent alert regarding an actively...

Windows Deployment Services Hit by 0-Click UDP Flaw Leading to System Failures

A newly discovered pre-authentication denial-of-service (DoS) vulnerability in Microsoft’s Windows Deployment Services (WDS) exposes enterprise networks...

Critical Microsoft 0-Click Telnet Vulnerability Enables Credential Theft Without User Action

A critical vulnerability has been uncovered in Microsoft’s Telnet Client (telnet.exe), enabling attackers to...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

CISA Issues Alert on Langflow Vulnerability Actively Exploited in Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent alert regarding an actively...

MediaTek Fixes Multiple Security Flaws in Smartphone, Tablet, and TV Chipsets

MediaTek, a leading provider of chipset technology for smartphones, tablets, AIoT, and smart TVs,...

Multiple Flaws in Tenda RX2 Pro Let Attackers Gain Admin Access

Security researchers have uncovered a series of critical vulnerabilities in the Tenda RX2 Pro...