VMware patches critical zero-days in Fusion and Workstation


Virtualisation vendor VMware has released security updates to address zero-day bugs in its Fusion and Workstation hypervisors, including a critical flaw that could be exploited to run code with high privileges.

Security vendor Star Labs in Singapore successfully attacked VMware Workstation in March this year as part of the annual Pwn2Own competition, run by Trend Micro's Zero Day Initiative.

Both Fusion and Workstation contain a stack-based buffer overflow vulnerability in their functionality for sharing Bluetooth devices with the virtual machine, VMware said in its security advisory.

"A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host," VMware said.

The bug is rated as critical, at 9.3 out of 10.0 on the Common Vulnerability Scoring System version 3 (CVSSv3).

Turning off Bluetooth support on virtual machines is a workaround for the flaw, but otherwise users are advised to upgrade Workstation to version 17.0.2 and Fusion to version 13.0.2.
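As an added illustration of how an administrator might check the two pieces of advice above (not code from the article, VMware, or any of the researchers named), the script below audits a .vmx file for the Bluetooth-sharing workaround and compares an installed version against the fixed versions the article gives. It assumes that VMware's per-VM switch is the .vmx key `usb.vbluetooth.startConnected` (taken from VMware's published workaround guidance; the key name does not appear in the article), that sharing is on unless that key is explicitly `FALSE`, and that .vmx files are plain `key = "value"` lines. The sample .vmx content is constructed for the example.

```python
"""Audit helper for the Bluetooth workaround and the upgrade advice.

Added example; not from the article or from VMware. Assumptions:
- The per-VM Bluetooth-sharing switch is the .vmx key
  usb.vbluetooth.startConnected (from VMware's published workaround
  guidance; the key is not named in the article), and sharing is
  enabled unless that key is explicitly set to FALSE.
- .vmx files are simple `key = "value"` lines, one setting per line.
- Fixed versions are the ones the article names: Workstation 17.0.2
  and Fusion 13.0.2.
"""
import re

BLUETOOTH_KEY = "usb.vbluetooth.startConnected"  # assumed key, see docstring

# Fixed versions named in the article, as comparable tuples.
FIXED_VERSIONS = {
    "workstation": (17, 0, 2),
    "fusion": (13, 0, 2),
}


def parse_vmx(text):
    """Parse .vmx text into a dict of lower-cased key -> unquoted value."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue  # not a key = value line; ignore
        settings[key.strip().lower()] = value.strip().strip('"')
    return settings


def bluetooth_sharing_enabled(vmx_text):
    """True unless the VM explicitly disables Bluetooth device sharing."""
    settings = parse_vmx(vmx_text)
    value = settings.get(BLUETOOTH_KEY.lower(), "TRUE")  # assumed default
    return value.strip().upper() != "FALSE"


def parse_version(version):
    """Turn '17.0.1 build-21139696' into the tuple (17, 0, 1)."""
    match = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", version)
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in match.groups())


def needs_upgrade(product, version):
    """True if the installed version is below the fixed version for the product."""
    return parse_version(version) < FIXED_VERSIONS[product.lower()]


def audit(product, version, vmx_text):
    """Return a list of findings; an empty list means nothing to act on."""
    findings = []
    if needs_upgrade(product, version):
        fixed = ".".join(str(p) for p in FIXED_VERSIONS[product.lower()])
        findings.append(f"{product} {version} is below fixed version {fixed}")
    if bluetooth_sharing_enabled(vmx_text):
        findings.append(
            f"Bluetooth sharing enabled; set {BLUETOOTH_KEY} = \"FALSE\" "
            "until the host is upgraded"
        )
    return findings


# Constructed sample .vmx content (not a real machine's file).
SAMPLE_VMX_DEFAULT = """.encoding = "UTF-8"
config.version = "8"
virtualHW.version = "20"
displayName = "dev-box"
usb.present = "TRUE"
"""
SAMPLE_VMX_HARDENED = SAMPLE_VMX_DEFAULT + 'usb.vbluetooth.startConnected = "FALSE"\n'


if __name__ == "__main__":
    for product, version, vmx in [
        ("Workstation", "17.0.1 build-21139696", SAMPLE_VMX_DEFAULT),
        ("Workstation", "17.0.2", SAMPLE_VMX_HARDENED),
    ]:
        print(product, version, "->", audit(product, version, vmx) or ["OK"])
```

The key name is the one part of this that should be confirmed against VMware's own knowledge-base entry for the advisory before relying on it; everything else is a plain text comparison.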

The Bluetooth device sharing functionality also contains another bug, rated as 7.1 on CVSSv3, that could allow an attacker with local admin privileges on VMs to read data in the hypervisor memory.

LINE Security found an issue in Fusion that could allow an attacker with read/write access to the host operating system to escalate privileges locally and obtain root access.

An out-of-bounds read/write vulnerability in Fusion and Workstation is also fixed with the security updates.

This affects virtual machines that have physical CD/DVD drives attached and configured to use a virtual SCSI controller.

The bug could be exploited to execute code on the hypervisor from the virtual machine, VMware said.

Copyright © nextmedia Pty Ltd. All rights reserved.