VMware has addressed critical security vulnerabilities in several of its main products through patches.

Share it

VMware has addressed several critical security vulnerabilities in its products through recently released patches. The vulnerabilities affect Workstation and Fusion versions 17.x and 13.x, respectively. These flaws could potentially allow malicious actors to steal sensitive information, launch denial-of-service attacks, and execute malicious code.

The identified vulnerabilities are tracked as CVE-2024-22267, CVE-2024-22268, CVE-2024-22269, and CVE-2024-22270. These vulnerabilities range in severity scores and cover issues such as use-after-free flaw in Bluetooth, heap buffer-overflow bug in Shader, information disclosure flaw in Bluetooth, and an information disclosure bug in Host Guest File Sharing.

Chinese state-sponsored hackers exploiting VMware vulnerabilities

VMware, being a widely used platform, has been a target for cyber attacks, with Chinese state-sponsored hackers known as UNC3886 recently exploiting a zero-day vulnerability in the devices. The group leveraged the flaw to deploy malware, steal credentials, and extract sensitive data. A patch for this critical vulnerability was released in late October 2023. Famed security researchers from Theori and STAR Labs SG initially reported the vulnerabilities to VMware during the Pwn2Own 2024 Security Contest.

Given the high risk posed by these vulnerabilities, all VMware users are strongly advised to apply the patches promptly. In cases where immediate patching is not possible, users are recommended to implement temporary workarounds, including disabling Bluetooth support and 3D acceleration on virtual machines. While these measures can address some vulnerabilities, the only comprehensive solution for CVE-2024-22270 is to apply the official patch.

Earlier this year, VMware also issued patches for critical vulnerabilities in its ESXi, Workstation, and Fusion products as a result of reports from security researchers. These ongoing efforts highlight the importance of prompt patching to mitigate potential security risks associated with using VMware products.

Source: The Hacker News

🤞 Don’t miss these tips!

🤞 Don’t miss these tips!

Solverwp- WordPress Theme and Plugin