BlueStacks fails to restrict access permissions for ADB

  Impact of Vulnerability: BlueStacks fails to restrict access permissions
  CVE Numbers: CVE-2018-0701
  Severity Rating: High
  CVSS v3 Base / Temporal Scores: Base: 6.3
  Recommendations: Install or update to the latest BlueStacks App Player
  Affected Versions: Windows: BlueStacks 3 and above; MacOS: BlueStacks 2 and above
  Location of Updated Software: http://www.bluestacks.com/download.html

Summary

BlueStacks runs Android in a virtual machine (VM) so that Android apps can run on
Windows or MacOS.
When BlueStacks is installed and activated, its adb debug port, 5555/TCP,
waits for a connection request.
If the machine on which BlueStacks is installed and activated is reachable from the internet, an attacker can install
a malicious application using the package manager, because adb connect does not require
authentication and gives shell access to the BlueStacks VM environment.


● CVE-2018-0701: BlueStacks fails to restrict access permissions.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0701

Remediation

For Windows

Download the product from http://www.bluestacks.com/download.html.
Install the updated BlueStacks Player using the usual update path.

For Mac

The following article describes how to block the affected port:
https://support.bluestacks.com/hc/articles/360016496752

Workaround


● Do not connect a machine with BlueStacks installed directly to the internet.
● Block access from outside to 5555/TCP.
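
A local check for the exposure the workaround addresses, as an added example (not BlueStacks code): it parses the output of netstat -an, in the Windows and macOS layouts, and reports any listener on 5555/TCP bound to a non-loopback address. The sample lines and function names are constructed for illustration.

```python
import ipaddress
import re
import subprocess

ADB_PORT = 5555  # adb debug port named in the advisory

# Constructed sample input (not captured from a real host).
SAMPLE_WINDOWS = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:5555           0.0.0.0:0              LISTENING       4321
  TCP    127.0.0.1:5037         0.0.0.0:0              LISTENING       4321
  TCP    192.168.1.20:49712     203.0.113.5:5555       ESTABLISHED     7777
"""
SAMPLE_MACOS = """\
tcp4       0      0  127.0.0.1.5555         *.*                    LISTEN
tcp4       0      0  *.22                   *.*                    LISTEN
"""

def split_local(addr):
    """Split a local-address field into (host, port)."""
    # Windows: 0.0.0.0:5555 or [::]:5555; macOS: *.5555 or 127.0.0.1.5555
    m = re.match(r"^\[?(.*?)\]?[:.](\d+)$", addr)
    return (m.group(1), int(m.group(2))) if m else (None, None)

def is_loopback(host):
    """True only for addresses that cannot be reached from another machine."""
    try:
        return ipaddress.ip_address(host.split("%")[0]).is_loopback
    except ValueError:
        return False  # "*" or unparsable: treat as reachable

def exposed_adb_listeners(netstat_text, port=ADB_PORT):
    """Return local addresses listening on `port` on a non-loopback interface."""
    exposed = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or not f[0].lower().startswith("tcp"):
            continue
        if not any(tok.startswith("LISTEN") for tok in f):
            continue
        # Unix-style output has Recv-Q/Send-Q columns before the local address.
        local = f[3] if f[1].isdigit() else f[1]
        host, p = split_local(local)
        if p == port and not is_loopback(host):
            exposed.append(local)
    return exposed

if __name__ == "__main__":
    out = subprocess.run(["netstat", "-an"], capture_output=True, text=True).stdout
    for addr in exposed_adb_listeners(out):
        print(f"adb port reachable beyond loopback: {addr}")
```

An empty result means only that nothing on this machine is listening on 5555/TCP outside loopback at the time of the check; the firewall block in the workaround still applies.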


Acknowledgments


Masaki Kubo and Yoshiki Mori of Cybersecurity Laboratory,
National Institute of Information and Communications Technology


CVSS Scoring

Base Score: 6.3
Attack Vector (AV): Adjacent (A)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): Low (L)
Availability (A): Low (L)

https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
