oss-sec mailing list archives

Re: virtual consoles


From: Georgi Guninski <gguninski () gmail com>
Date: Tue, 3 Dec 2019 07:54:54 +0200

On Mon, Dec 2, 2019 at 7:13 PM Tavis Ormandy <taviso () gmail com> wrote:

Hey List, we were discussing simple screen spoofing attacks today, and
whether we consider it a vulnerability or just social engineering. For
example, this paper on tricks Android malware can use to trick the user
into granting permissions to the wrong app.


Precedence in mobile code:

1. This exists in Android 9, I had a hard time exiting the fullscreen
video player
2. Mozilla fixed a similar bug about 15 years ago.
3. In 2001 internet exploder was remotely vulnerable and hitting
control-alt-del was not easy:

https://www.dslreports.com/forum/r1651258-Javascript-in-IE-may-spoof-the-whole-screen
http://www.guninski.com/popspoof.html

