Skip to content

Mobile Security Scanner

CWE-1021 - Improper Restriction of Rendered UI Layers or Frames

devaa-security/manifest-scanner

CWE-1021 - Improper Restriction of Rendered UI Layers or Frames

Task Reparenting Vulnerability Leading to UI Spoofing in Android Applications

Description

The application does not restrict the number of UI layers or frames that can be rendered. This can allow attackers to perform a denial of service attack by rendering a large number of UI layers or frames. For example, an attacker can render a large number of UI layers or frames to crash the application.

Improper Restriction of UI Overlay, Redressing, or Tapjacking Attacks

Description

The application does not restrict the number of UI layers or frames that can be rendered. This can allow attackers to perform a denial of service attack by rendering a large number of UI layers or frames. For example, an attacker can render a large number of UI layers or frames to crash the application.

Manifest Scanner Check

$ manifest-scanner -f /path/to/android-project -c CWE-1021

References