fix comments

MOBILE_CLIENT/COMMON/_HIGH/TAPJACKING_VULNERABILITY/description.md

@@ -0,0 +1,4 @@
+
+# Tapjacking Vulnerability
+
+The Tapjacking Vulnerability is a security flaw that allows an attacker to overlay malicious content or interfaces on top of legitimate applications, tricking users into interacting with the attacker's content instead. This can lead to various malicious activities, such as stealing sensitive information, capturing login credentials, or performing unauthorized actions on the user's behalf.

MOBILE_CLIENT/COMMON/_HIGH/OVERLAY_VULNERABILITY/meta.json → MOBILE_CLIENT/COMMON/_HIGH/TAPJACKING_VULNERABILITY/meta.json

@@ -1,11 +1,11 @@
 {
     "risk_rating": "high",
-    "short_description": "Overlay Vulnerability is a type of vulnerability where an attacker can overlay malicious content on top of legitimate content, leading to potential security breaches.",
+    "short_description": "Tapjacking Vulnerability is a type of vulnerability where an attacker can overlay malicious content on top of legitimate content, leading to potential security breaches.",
     "references": {
         "Overlay Attacks: Top Techniques And How To Counter Them": "https://www.appsealing.com/overlay-attacks/",
         "Mobile overlay attacks on Android": "https://www.ikarussecurity.com/en/mobile-device-management-en/mobile-overlay-attacks-on-android/"
     },
-    "title": "Overlay Vulnerability",
+    "title": "Tapjacking Vulnerability",
     "privacy_issue": true,
     "security_issue": true,
     "categories": {
@@ -14,6 +14,11 @@
         ],
         "OWASP_MASVS_L2": [
             "MSTG_PLATFORM_2"
+        ],
+        "PCI_STANDARDS": [
+            "REQ_2_2",
+            "REQ_6_2",
+            "REQ_6_3"
         ]
     }
 }

MOBILE_CLIENT/COMMON/_HIGH/TAPJACKING_VULNERABILITY/recommendation.md

@@ -0,0 +1,16 @@
+
+# Overlay Vulnerability
+
+To mitigate Tapjacking vulnerabilities in mobile applications, developers should:
+
+ * Implement robust security measures for mobile applications to mitigate overlay vulnerabilities.
+ * Focus on enhancing settings and user interactions for increased security.
+ * Thoroughly validate and filter user inputs and application settings to prevent exploitation by malicious overlays.
+ * Pay special attention to sensitive settings vulnerable to manipulation by overlays, such as authentication parameters or access controls.
+ * Implement strict input validation checks on user-modifiable settings to prevent unauthorized changes.
+ * For settings related to user authentication or authorization, enforce strong authentication mechanisms and authorization controls.
+ * Provide clear user guidance within the application on recognizing and avoiding suspicious overlays.
+ * Regularly update the application to address newly identified vulnerabilities.
+ * Consider implementing overlay detection mechanisms to enhance the application's resilience against potential threats.
+ * On Android 6 (API level 23) and higher, users have to explicitly grant the permission for the app to create an overlay window.
+ * On Android 12 (API level 31) and higher, apps can pass true into Window.setHideOverlayWindows().