VMWare releases Fusion vulnerability with 8.8 rating – Christian Vasquez
– [[{“value”:”
A critical vulnerability in VMWare Fusion that allows code execution in the program with standard user privileges was released last Wednesday, according to Broadcom.
The security advisory is for version 13.x until 13.6 on the popular virtualization software for macOS. The bug — CVE-2024-38811 — has a CVSSv3 base score of 8.8 and is caused by an insecure environment variable. Mykola Grymalyuk of RIPEDA Consulting reported the vulnerability and VMWare has issued a patched version of the software.
The vulnerability allows a user with standard privileges to execute code within the Fusion application.
Ransomware actors have long used VMWare products for initial access and further digital extortion. The new ransomware variant Cicada3301 is known to use a vulnerability in VMWare ESXi systems.
The post VMWare releases Fusion vulnerability with 8.8 rating appeared first on CyberScoop.
“}]] – Read More – CyberScoop