A critical vulnerability in VMware Fusion that lets a user with standard privileges execute code within the application was disclosed last Wednesday, according to Broadcom.

The security advisory covers versions 13.x up to 13.6 of the popular virtualization software for macOS. The bug — CVE-2024-38811 — has a CVSSv3 base score of 8.8 and is caused by an insecure environment variable. Mykola Grymalyuk of RIPEDA Consulting reported the vulnerability, and VMware has issued a patched version of the software.

The vulnerability allows a user with standard privileges to execute code within the Fusion application.

Ransomware actors have long used VMware products for initial access and further digital extortion. The new ransomware variant Cicada3301 is known to use a vulnerability in VMware ESXi systems.

The post VMWare releases Fusion vulnerability with 8.8 rating appeared first on CyberScoop.
