Cisco Blogs

Vulnerability Spotlight: BlueStacks App Player Privilege Escalation

August 10, 2016 - 1 Comment

Discovered by Marcin ‘Icewall’ Noga of Cisco Talos

Talos is releasing an advisory for a vulnerability in BlueStacks App Player. (TALOS-2016-0124/CVE-2016-4288). The BlueStacks App Player is designed to enable Android applications to run on Windows PCs and Macintosh computers. It’s commonly used to run popular Android games on these platforms.


A weak registry key permission vulnerability exists in the BlueStacks application. By default the BlueStack installer sets a weak permission to the registry key, which contains InstallDir reg value, this can be used later by the BlueStacks service component. This default configuration gives a malicious user the ability to modify this value, which can lead to privilege escalation.

Read More>>


In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.


  1. BlueStacks has addressed this issue from release version onwards, which is publicly available for download from

    In addition to providing software updates for our installed base, we are actively advising existing users to upgrade to the latest release available for download from

    Thank you
    BlueStacks Support