VMware Fusion, a macOS hypervisor used for running virtual machines, contains a high-severity code execution vulnerability, as disclosed by Broadcom. The only mitigation currently available is to update the software to the latest version.
The flaw leaves virtual machines on macOS exposed to potential attackers, who need only standard user privileges to execute code within the context of the Fusion application.
The flaw is caused by the use of an insecure environment variable. According to the initial advisory, it carries a high severity score of 8.8/10.
The vulnerability affects VMware Fusion versions for macOS prior to 13.6, the release that addresses the flaw.
For now, no additional documentation or other workarounds have been released. VMware credits Mykola Grymalyuk of RIPEDA Consulting with reporting the issue.
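Since updating is the only available fix, the practical defender's check is whether an installed Fusion predates 13.6. The script below is an added example, not code from the article or from Broadcom/VMware; it assumes the usual macOS bundle layout (the app at `/Applications/VMware Fusion.app` and the version in `CFBundleShortVersionString` of its `Info.plist`), neither of which the article states. The version comparison works component by component, so a release such as 13.10 is correctly ranked above 13.6 where a plain string comparison would not.

```shell
#!/bin/sh
# Added example, not code from the article or from Broadcom/VMware: report whether
# an installed VMware Fusion predates 13.6, the version the article says fixes the
# flaw. The app path and Info.plist key below are the usual macOS bundle layout and
# are assumptions, not details given in the article.

FIXED_VERSION="13.6"
FUSION_PLIST="/Applications/VMware Fusion.app/Contents/Info.plist"   # assumed default install path

# version_lt A B: succeeds (exit 0) when A is older than B. Dot-separated components
# are compared as integers, so 13.10 ranks above 13.6; a trailing missing component
# counts as 0, so 13.6 and 13.6.0 compare equal.
version_lt() {
    a="$1"; b="$2"; i=1
    while :; do
        ca=$(printf '%s\n' "$a" | awk -F. -v n="$i" '{print $n}' | tr -cd '0-9')
        cb=$(printf '%s\n' "$b" | awk -F. -v n="$i" '{print $n}' | tr -cd '0-9')
        if [ -z "$ca" ] && [ -z "$cb" ]; then
            return 1            # both sides exhausted: versions are equal
        fi
        ca=${ca:-0}; cb=${cb:-0}
        if [ "$ca" -lt "$cb" ]; then return 0; fi
        if [ "$ca" -gt "$cb" ]; then return 1; fi
        i=$((i + 1))
    done
}

# fusion_status VERSION: prints "vulnerable" when VERSION predates the fixed release,
# otherwise "patched".
fusion_status() {
    if version_lt "$1" "$FIXED_VERSION"; then
        echo vulnerable
    else
        echo patched
    fi
}

# installed_fusion_version: prints the bundle version read from Info.plist, or fails
# when Fusion is not installed at the assumed path.
installed_fusion_version() {
    [ -f "$FUSION_PLIST" ] || return 1
    /usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' "$FUSION_PLIST" 2>/dev/null
}

if v=$(installed_fusion_version); then
    echo "VMware Fusion $v: $(fusion_status "$v")"
else
    echo "VMware Fusion not found at the assumed path; nothing to check"
fi
```

Run it on each managed Mac (for example through an MDM script) and collect the single output line; any host reporting "vulnerable" still needs the 13.6 update.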
According to VMware's response guidelines, the company typically addresses vulnerabilities in the “important” severity range in the next planned maintenance or update release, and takes immediate corrective action on vulnerabilities rated critical (9.0/10 and higher).
In July, Microsoft warned that multiple ransomware operators, including Black Basta, Storm-1175, Akira, Octo Tempest, and Manatee Tempest, are exploiting a separate VMware ESXi authentication bypass vulnerability, which VMware scored 6.8 out of 10. Despite a patch being available, ransomware operators continue to capitalize on it.