Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: VMware Fusion updates to fixes a couple of bugs - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
VMware Fusion updates to fixes a couple of bugs

VMWare have informed us that an update is available for their Apple Mac version of their VMWare environment, VMWare Fusion.

The update  fixes a vulnerability found in all versions of VMWare Fusion, so if you use this product, it is time to update. A vulnerability for one of the issues has been published.

The published vulnerability apparently produces a remote shell with root privileges but I have not tested it at this time.

The exploit writer comments:

"The vmx86 kext ioctl handler permits an unprivileged userland program to initialize several function pointers via the 0x802E564A ioctl code. These function pointers are later used from several reachable locations within the driver, one of which is called immediately after initialization."

 

Stephen

89 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!