Security researcher Marcin “Icewall” Noga of Cisco Talos has released a security advisory for the BlueStacks App Player. This is a popular program that allows users to run Android applications on Microsoft Windows and Apple computers. The security vulnerability allows malicious code to escalate its privileges.
Details
Talos has released the advisory under the CVE-2016-4288 specification. The exploit targets a vulnerability in the registry key permissions that are associated with the BlueStacks application. The program is installed by default with a weak permission set to the registry key. It contains an InstallDir value that could be used by the service component. This gives criminals the ability to easily modify the value and possibly execute a privilege escalation.
When the InstallDir value is modified to a user specified location the malicious user can execute target files with administrative rights.
The exploit works on local systems and does not depend on network activity nor does it offer the criminal any remote control functions. The exploit on its own may impose little damage but when combined with a more severe exploit it can serve as a serious threat.