Code Execution Vulnerability Discovered in VMware Fusion

 



VMware Addresses High-Severity Vulnerability in Fusion Hypervisor

VMware Releases Critical Security Update to Patch Code Execution Flaw

On Tuesday, VMware issued a crucial security update for its Fusion hypervisor, tackling a high-severity vulnerability that could expose users to potentially devastating code execution exploits. The flaw, identified as CVE-2024-38811 with a CVSS score of 8.8 out of 10, has been deemed a significant risk by VMware.


Details of the Vulnerability

The root cause of CVE-2024-38811 is an insecure environment variable within VMware Fusion. This weakness could allow a malicious actor to execute code in the context of the Fusion application, which could lead to a complete system compromise. According to VMware's advisory, the defect primarily affects VMware Fusion versions 13.x.

“This vulnerability arises from the use of an insecure environment variable,” VMware stated. “We’ve assessed this issue as ‘Important’ due to its potential impact.” While the company has not reported any known exploits in the wild, the risk posed by this flaw underlines the importance of applying the update without delay.

Impact and Response

The vulnerability could potentially be exploited by an attacker with standard user privileges, allowing them to execute malicious code and potentially gain control over the host system. VMware Fusion users are strongly advised to upgrade to version 13.6, which addresses this critical issue and ensures better security.

VMware has credited Mykola Grymalyuk of RIPEDA Consulting for identifying and reporting this vulnerability. Grymalyuk's contribution highlights the importance of community vigilance in maintaining the security of widely used software.

Additional Updates

In addition to addressing the vulnerability, VMware Fusion 13.6 also includes an update to OpenSSL version 3.0.14. This release fixes three vulnerabilities that could lead to denial-of-service conditions or significant performance slowdowns. By updating to this version, users benefit from enhanced security and stability.

Recommendations

There are currently no workarounds for CVE-2024-38811, so updating to VMware Fusion 13.6 is the only effective way to mitigate this vulnerability. Users should promptly apply the update to protect their systems from potential exploitation.

For more details and to download the latest version of VMware Fusion, visit VMware’s official website or refer to the security advisory provided by the company.

No comments:

Global Espionage? Chinese Cyber Centre Accuses U.S. of Tech Firm Hacks

  U.S. Accused of Cyberattacks and Trade Secret Theft by Chinese Cybersecurity Centre A Chinese cybersecurity organization has accused the U...