Updated Date: 09-04-2021
Summary
Impact of Vulnerability | Escalation of privilege vulnerability in BlueStacks |
CVE Numbers | CVE-2020-24367 |
Severity Rating | High |
CVSS v3 Base / Temporal Scores: | Base: 8.2 |
Recommendations | Install or update to the latest BlueStacks App Player |
Affected Versions | MAC: BlueStacks 4.240 and below |
Location of Updated Software | https://www.bluestacks.com/download.html |
Description
BlueStacks 4 is vulnerable to privilege escalation attacks that allow a Low Integrity executable to interact with the High Integrity privileged helper service on macOS. The issues are dylib injection, a race condition in the service's authentication caused by using the PID to authenticate callers, and use of the "com.apple.security.get-task-allow" entitlement, which allows any process to perform a thread hijacking attack on the application.
Using these vulnerabilities, an attacker can delete arbitrary folders and files on the host as root. A further vulnerability stems from insufficient checks during authentication when any process makes XPC requests.
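A release-time check for the entitlement problem described above, as an added example that is not part of the advisory or BlueStacks' own code. It goes slightly beyond the advisory by also flagging two related library-injection entitlements (an assumption about what a reviewer would want checked); the sample plist is constructed.

```python
import plistlib

# Entitlements that weaken process isolation on macOS. The first is the one
# named in this advisory; the other two are added here as related
# library-injection enablers (an assumption, not taken from the advisory).
RISKY_ENTITLEMENTS = {
    "com.apple.security.get-task-allow":
        "other processes can attach to the task (thread hijacking)",
    "com.apple.security.cs.disable-library-validation":
        "dylibs not signed by the same team can be loaded",
    "com.apple.security.cs.allow-dyld-environment-variables":
        "DYLD_* variables can inject libraries at launch",
}

# Constructed sample: entitlements of a hypothetical app that talks to a
# privileged helper, in the XML form `codesign -d --entitlements :- <app>` prints.
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.get-task-allow</key>
    <true/>
    <key>com.apple.security.cs.disable-library-validation</key>
    <false/>
    <key>com.apple.security.network.client</key>
    <true/>
</dict>
</plist>
"""

def audit_entitlements(plist_bytes):
    """Return {entitlement: reason} for every risky entitlement set to true."""
    if not plist_bytes.strip():
        return {}  # unsigned binary or no entitlements blob
    entitlements = plistlib.loads(plist_bytes)
    if not isinstance(entitlements, dict):
        raise ValueError("entitlements plist must be a dictionary")
    # Only a boolean true grants the entitlement; false or absent does not.
    return {key: reason for key, reason in RISKY_ENTITLEMENTS.items()
            if entitlements.get(key) is True}

if __name__ == "__main__":
    for key, reason in audit_entitlements(SAMPLE_ENTITLEMENTS).items():
        print(f"FAIL {key}: {reason}")
```

Run against the entitlements of every binary in a release bundle, a non-empty result is a reason to block shipping that build.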
Remediation
MAC
Download the product from http://www.bluestacks.com/download.html. Install the updated BlueStacks Player using the usual update path.
Workaround
- Download the latest version of BlueStacks from the website.
Acknowledgements
Danny 'Rushyo' Moules
CVSS Scoring
Base Score | 8.2 |
Attack Vector (AV) | Local (L) |
Attack Complexity (AC) | Low (L) |
Privileges Required (PR) | Low (L) |
User Interaction (UI) | Required (R) |
Scope (S) | Changed (C) |
Confidentiality (C) | High (H) |
Integrity (I) | High (H) |
Availability (A) | High (H) |
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:W/RC:C