
VMware Fusion flaw allows hackers to run harmful code


TLDR:

Key Points:

  • VMware Fusion has a vulnerability (CVE-2024-38811) that allows attackers to execute malicious code.
  • The vulnerability affects VMware Fusion 13.x versions running on macOS.

VMware has issued a security advisory to address a significant vulnerability in its VMware Fusion product that could allow attackers to execute malicious code. This vulnerability, identified as CVE-2024-38811, stems from the application’s use of an insecure environment variable. With a CVSSv3 score of 8.8, it is classified as important. The flaw allows a malicious actor with standard user privileges to execute arbitrary code within the Fusion application’s context. Users are advised to upgrade to the fixed version specified in VMware’s response matrix, which lists VMware Fusion 13.6 as the patched version. VMware has credited Mykola Grymalyuk of RIPEDA Consulting for responsibly reporting the issue. Organizations are urged to apply the update immediately to mitigate the risk of exploitation, although no specific exploits for CVE-2024-38811 are known to be in circulation.
