1. BlueStacks Support
  2. Security Advisory
  3. Security Advisory for BlueStacks

Bluestacks update fixes vulnerabilities (BS-2021-002)

Updated date: 19-10-2021

Summary

Impact of Vulnerability  Escalation of privilege vulnerability in BlueStacks
CVE Numbers  
Severity Rating High
CVSS v3 Base / Temporal Scores: Base: 8.2
Recommendations Install or update to the latest BlueStacks App Player
Affected Versions Windows: BlueStacks 5.1.0 and below
Location of Updated Software https://www.bluestacks.com/download.html


Description 

There is a potential sandbox escape caused by the fact that BlueStacks in its default configuration mounts the current Windows user's Documents folder as read-write.

Remediation

Windows
Download the product from http://www.bluestacks.com/download.html. Install the updated Bluestacks Player using the usual update path.

Workaround

● Download the latest version of BlueStacks from the website.

Acknowledgments

Maciej Miszczyk

CVSS Scoring

Base Score 8.2
Attack Vector (AV) Local (L)
Attack Complexity (AC) Low (L)
Privileges Required (PR) Low (L)
User Interaction (UI) Required (R) 
Scope (S) Changed (C)
Confidentiality (C) High (H)
Integrity (I) High (H)
Availability (A) High (H)


https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:W/RC:C

Was this article helpful?
2 out of 2 found this helpful
Reach out to us on Reddit (Join Reddit) or Discord (Join Discord) or at support@bluestacks.com with your questions.
We’d love to hear from you! Please take a moment to share your thoughts on the BlueStacks Help Center via this survey.
Subscribe to BlueStacks Weekly!
Get updates on new releases, features, and fixes. Discover trending games & enjoy exclusive gift codes!
By subscribing, I agree to receive weekly updates from the BlueStacks Help Center.
Thank you for subscribing to BlueStacks Weekly
Keep an eye on your inbox for updates on the latest features, gaming trends, bug fixes, gift codes, and much more!

Articles in this section