PT-2019-13540 · Bluestacks · Bluestacks

Published: 2019-09-24 · Updated: 2021-09-08 · CVE-2019-14220

CVSS v3.1: 6.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

BlueStacks versions 4.110 and below on macOS
BlueStacks versions 4.120 and below on Windows

Description

The issue is a local arbitrary file read through a system service call. The affected method runs with System admin privilege and returns the content of a file whose name is passed as a parameter. A malicious app can exploit this to read the content of any system file it is not authorized to read.

Recommendations

For BlueStacks versions 4.110 and below on macOS, consider restricting access to system service calls until a patch is available. For BlueStacks versions 4.120 and below on Windows, consider disabling the affected method to prevent unauthorized file reads. As a temporary workaround, avoid using the affected system service call with sensitive file names until the issue is resolved.

Fix

Improper Privilege Management

Weakness Enumeration

Related Identifiers

CVE-2019-14220

Affected Products

Bluestacks