VMware released updates to address vulnerabilities in
Amat Cama and Richard Zhu of team Fluoroacetate earned $70,000 for escaping a VMware Workstation virtual machine and executing code on the underlying host operating system.
At Pwn2Own 2019, Amat Cama and Richard Zhu of team Fluoroacetate demonstrated two VMware Workstation vulnerabilities, including one that was leveraged in a complex exploit targeting Microsoft’s Edge browser. They earned $70,000 for escaping a VMware Workstation virtual machine and executing code on the underlying host operating system, and $130,000 for the Edge exploit.
VMware released security updates for macOS version of ESXi, Workstation, and Fusion.
The critical vulnerabilities are an out-of-bounds read/write vulnerability (CVE-2019-5518) and a Time-of-Check-Time-of-Use (TOCTOU) issue (CVE-2019-5519) that reside in the virtual USB 1.1 Universal Host Controller Interface (UHCI).
“VMware ESXi, Workstation and Fusion contain an out-of-bounds read/write vulnerability and a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). ” reads the security advisory published by the company.
“Exploitation of these issues requires an attacker to have access to a virtual machine with a virtual USB controller present. These issues may allow a guest to execute code on the host. ”
VMware has also patched a critical out-of-bounds write vulnerability affecting the e1000 virtual network adapter used by Workstation and Fusion on macOS. The vulnerability, tracked as CVE-2019-5524, could be exploited by a guest to execute arbitrary code on the host. The company credited Zhangyanyu of Chinese company Chaitin Tech for the
The company addressed a similar flaw affecting Workstation and Fusion in the e1000 and e1000e virtual network adapters. The flaw, rated as “important,” could be exploited to get code execution on the host from the guest operating system.
VMware also addressed a critical vulnerability in Fusion 11.x running on macOS (CVE-2019-5514).
“VMware Fusion contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket.” continues the advisory.
The company also addressed a critical vulnerability (CVE-2019-5523) affecting vCloud Director for Service Providers that impacts version 9.5.x on any platform. The flaw could be exploited by a remote attacker to hijack sessions for the Tenant and Provider portals by impersonating a currently logged-in session.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.