One of the widely used Android emulators for Windows, BlueStacks, was discovered with a major security flaw that could put millions of gamers at risk. If the user has installed a BlueStacks version prior to 10.40.1000.502, attackers can gain unauthorized access to the system.
The security issue arises from how BlueStacks stores its configuration files in the ProgramData directory. These files have permissions that allow anyone on the system to access and edit them. This means that even users without privileges can modify these files, posing a severe security risk.
The attacker would first set up a regular user account to exploit this vulnerability and then target the administrator account. The attacker will need the target to install a vulnerable version of BlueStacks. Once installed, an attacker could modify a BlueStacks configuration file, such as Nougat32.bstk, to gain access to the C drive of the Windows system. Additionally, the attacker can install a malicious app on the Android system, which will run every time BlueStacks is started. When the target uses BlueStacks, the malicious app installs its code in its startup directory. This malicious code executes on the next reboot of the computer, allowing the attacker to control the system with elevated privileges of the target.
If exploited, this vulnerability might allow an attacker to install malicious software, steal personal information, and gain control of a victim’s computer. To defend against this issue, users should update BlueStacks to the most recent version as soon as feasible. Once downloaded and installed, the latest version released by developers will reduce this risk to the user’s system.
