CVE-2025-22438
In afterKeyEventLockedInterruptable of Multiple Products
Executive summary
A high-severity vulnerability in the InputDispatcher component could allow an attacker to manipulate or bypass user input-based security controls.
Vulnerability
An unspecified flaw exists in the afterKeyEventLockedInterruptable function within the InputDispatcher. This system component is responsible for routing all user input events (keystrokes, taps). A flaw here could allow a malicious application to intercept input, inject fake input, or cause a logic error in how security-sensitive prompts handle user interaction.
Business impact
Successful exploitation could enable a wide range of attacks, including keylogging to steal passwords, injecting taps to silently grant permissions, or bypassing user consent dialogs. This compromises user privacy and the integrity of any security mechanism that relies on user input. The CVSS score of 7.8 (High) reflects the fundamental and severe impact of compromising the input system.
Remediation
Immediate Action: Apply the security update from the vendor that resolves the vulnerability within the InputDispatcher.
Proactive Monitoring: Employ endpoint security solutions that can detect signs of input spoofing or hooking, such as anomalous process behavior related to accessibility services.
Compensating Controls: Restrict the installation of applications that require extensive permissions, particularly those related to accessibility services, which are often abused to carry out such attacks.
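One practical form of the compensating control above is to audit which accessibility services are actually enabled on a managed device and flag any that are not on an approved list. The script below is an added example for this advisory, not vendor code: it parses the value of the `enabled_accessibility_services` secure setting (on a real device obtained with `adb shell settings get secure enabled_accessibility_services`, a colon-separated list of `package/ServiceClass` entries) and compares each entry against an allowlist. The allowlist contents and the sample device values fed to it are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the advisory): audit enabled Android accessibility
# services against an allowlist, as a compensating control for input-hooking abuse.
#
# On a real device the input string comes from:
#   adb shell settings get secure enabled_accessibility_services
# Its format is "pkg/ServiceClass:pkg2/ServiceClass2" (colon-separated), or
# an empty string / "null" when nothing is enabled.

# Approved services (space-separated). Assumed allowlist for illustration;
# an organisation would substitute its own vetted entries.
ALLOWLIST="com.android.talkback/com.google.android.marvin.talkback.TalkBackService"

# audit_accessibility_services "<setting value>"
#   Prints every enabled service that is NOT on the allowlist, one per line.
#   Returns 0 when all enabled services are approved, 1 otherwise.
audit_accessibility_services() {
    enabled="$1"
    rc=0

    # Nothing enabled: nothing to flag.
    if [ -z "$enabled" ] || [ "$enabled" = "null" ]; then
        return 0
    fi

    old_ifs="$IFS"
    IFS=':'
    for svc in $enabled; do
        # Skip empty fields produced by stray separators.
        if [ -z "$svc" ]; then
            continue
        fi
        # Word-bounded containment check against the space-separated allowlist.
        case " $ALLOWLIST " in
            *" $svc "*) ;;                 # approved, stay quiet
            *) printf '%s\n' "$svc"; rc=1 ;;  # not approved, report it
        esac
    done
    IFS="$old_ifs"
    return $rc
}

# Stand-alone usage with a constructed sample value (not a real device capture).
SAMPLE="com.android.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.unvetted/com.example.unvetted.OverlayService"
if audit_accessibility_services "$SAMPLE"; then
    echo "all enabled accessibility services are approved"
else
    echo "unapproved accessibility services found (see above)"
fi
```

Run it with `sh audit.sh` after substituting the real setting value for `SAMPLE`; a non-zero exit status makes it easy to wire into a fleet-wide compliance check.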
Exploitation status
Public Exploit Available: false
Analyst recommendation
This vulnerability strikes at the heart of the system's user interaction security model. It is critical that the vendor's patch is applied immediately to all affected systems to prevent potential credential theft, permission bypasses, and other input-based attacks.