AppLockZ App Lock and Fingerprint Lock (applock.passwordfingerprint.applockz) 4.2.11 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface flows - insecure navigation through exposed routes facilitates app control evasion {I.N.T.E.R.F.A.C.E] via advertisement or browser intents, an attacker can evade lockscreen verification and access protected apps (e.g., Chrome). This results in information disclosure and privilege escalation.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
References
History
Tue, 26 May 2026 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Local Attacker Can Bypass AppLockZ PIN Overlay to Access Protected Apps on Android | |
| Weaknesses | CWE-287 |
Tue, 26 May 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | AppLockZ App Lock and Fingerprint Lock (applock.passwordfingerprint.applockz) 4.2.11 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface flows - insecure navigation through exposed routes facilitates app control evasion {I.N.T.E.R.F.A.C.E] via advertisement or browser intents, an attacker can evade lockscreen verification and access protected apps (e.g., Chrome). This results in information disclosure and privilege escalation. | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2026-05-26T00:00:00.000Z
Updated: 2026-05-26T19:55:38.950Z
Reserved: 2025-12-24T00:00:00.000Z
Link: CVE-2025-68711
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-05-26T21:16:36.043
Modified: 2026-05-26T21:16:36.043
Link: CVE-2025-68711
Redhat
No data.