{"id":"ASB-A-329631990", "published":"2026-06-01T00:00:00Z", "modified":"2026-06-24T15:00:40.818157658Z", "aliases":["CVE-2026-0009", "A-329631990"], "details":"In multiple locations, there is a possible tapjacking due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/packages/providers/MediaProvider", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"17-next:0"}, {"fixed":"17-next:2026-06-01"}]}], "versions":["17-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/providers/MediaProvider/+/37726a74bb1fd83f26661755253649bdfc395862", "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/0304e031b66fb328bf0b3d8721179452432b26ec", "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/c5d89a70a250e3b27952764519000bd7ca98262b", "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/bf034ab4e140ba913b1d98e7ca9ecfb652f96973", "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/7cdcc3e2ad6ac4acc88e8d7a32fd4f834b93dcf0"], "severity":"High", "spl":"2026-06-01", "types":["EoP"]}}, {"package":{"name":"platform/packages/providers/MediaProvider", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"15:0"}, {"fixed":"15:2026-06-01"}]}], "versions":["15"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/providers/MediaProvider/+/7e93843ccca4e5ebf67dabd24a3311745817289c", "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/0f5ff758caec815122ff3048cfd4ed95b84aa00f", "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/543afa4a4b315bb13c4f812dd8ad096fd2aa7d4b"], "severity":"High", "spl":"2026-06-01", "types":["EoP"]}}, {"package":{"name":"platform/packages/providers/MediaProvider", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"16:0"}, {"fixed":"16:2026-06-01"}]}], "versions":["16"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/providers/MediaProvider/+/9b753d8558b9c6016026507aa83085f745dd21d3", "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/96625b49815d7f7a670d5a71305cbfd533521da1", "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/34d5fa2ebd49687140fb1d14bfda5863ae238cfd"], "severity":"High", "spl":"2026-06-01", "types":["EoP"]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2026-06-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/61808742c17acb107221fa5f0ce998532dbc0bed"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/8a710e8508880a2af058ad93b58b4fe5e770be57"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/f04605de9b68a9301e9ca59b7335cb1978cac792"}]}