BlueStacks is a popular PC and mobile Android emulator. The product is free for users and has substantial support from Samsung, Qualcomm, Intel, and AMD. It has been reported that the product had quite a few security concerns. Cyber attackers were allowed to manipulate code and access personal information due to lack of proper security implementations.
What went wrong with BlueStacks Android emulator?
The security bugs give attackers the ability to access and manipulate code remotely. A fact that is made more alarming due to the massive size of users currently engaged with BlueStacks. That affects users who could be affected by malicious software from the installation of widely distributed APK files.
The company has stepped forward and mentioned a severe gap in their security system. That is due to a lack of proper authentication protocols within their IPC mechanism and interface.
BlueStacks has issued an advisory statement that says: “An attacker can use DNS Rebinding to gain access to the BlueStacks App Player IPC mechanism via a malicious web page. From there, various exposed IPC functions can be abused.”
The security issue could be exploited by gaining unauthorized access into the system through the BlueStacks App Player IPC mechanism. Security issues seemed only to affect the system of a targeted emulator user without displaying complete corruption of their device that could allow for further spread.
The affected BlueStacks Android emulator versions
No clicking or download is necessary to be affected by malicious software. Due to the security vulnerability, just visiting a malicious website puts the user in danger of being affected. The security concern is found in BlueStacks 4.80 version and below. A patch has been created to address the issue and seal the gap in the company’s security.
BlueStacks 4.90 contains the security patch, and all BlueStacks users are strongly advised to visit the official website to perform the update. However, versions 2 and 3 of this popular Android emulator not provide the fix as the company is currently choosing not to address the older versions of their product.