Everybody without Android Oreo vulnerable to overlay attack

Any unpatched Android phone running a version older than Oreo is going to need patching fairly soon, with researchers turning up a class of vulnerability that lets malware draw fake dialogs so users “okay” their own pwnage.

The risk, according to Palo Alto Networks’ researchers, comes from what’s known as an overlay attack.

It’s a straightforward way to trick users: draw a bogus screen for users to click on (for example, to install an app or accept a set of permissions), hiding what’s really happening.

Source: The Register