Bluestacks update fixes vulnerabilities (BS-2020-001)

October 20, 2021 11:58

Updated date - 02-11-2020

Summary

Impact of Vulnerability	Escalation of privilege vulnerability in BlueStacks
CVE Numbers	CVE-2020-24367
Severity Rating	High
CVSS v3 Base / Temporal Scores:	Base: 8.2
Recommendations	Install or update to the latest version of BlueStacks
Affected Versions	Windows: BlueStacks 4.230 and below
Location of Updated Software	https://www.bluestacks.com/download.html

Description

CVE-2020-24367

Bluestacks 4 is vulnerable to privilege escalation attacks that allow a local user on Windows
(“Low Integrity”) to induce the execution of code with administrative scope ("High Integrity") on
Windows 10. This is due to incorrect permissions set by Bluestacks when installed, which
allows any user (“Everyone”) to modify files that may later be executed with administrative
privileges.

CVE-2020-24367: Escalation of Privilege vulnerability in Bluestacks.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24367

Remediation

Download BlueStacks from https://www.bluestacks.com/download.html
Ensure you are on the latest version of BlueStacks. You can learn how to update BlueStacks by clicking here.

Workaround

Download the latest version of BlueStacks from https://www.bluestacks.com/download.html

Acknowledgments

Danny "Rushyo" Moules

CVSS Scoring

Base Score	8.2
Attack Vector (AV)	Local (L)
Attack Complexity (AC)	Low (L)
Privileges Required (PR)	Low (L)
User Interaction (UI)	Required (R)
Score (S)	Changed (C)
Confidentiality (C)	High (H)
Integrity (I)	High (H)
Availability (A)	High (H)

https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:W/RC:C