VMware released security updates that fix a critical integer overflow issue in multiple products.
The products affected by this integer overflow issue are VMware Workstation, VMware Workstation Player, VMware Workstation Pro, VMware Fusion, and VMware Fusion Pro.
With the help of VMware Fusion, macOS users can “run Windows and other x86 based operating systems on a Mac without rebooting.”
VMware Workstation makes it possible to “develop, test, demonstrate, and deploy software by running multiple x86-based Windows, Linux, and other operating systems simultaneously on the same PC.”
“VMware Workstation and Fusion contain an integer overflow vulnerability in the virtual network devices. This issue may allow a guest to execute code on the host,” VMware said in an advisory.
This integer overflow security bug was assigned the identifier CVE-2018-6983 by the Common Vulnerabilities and Exposures project.
The issue was discovered and reported by Tianwen Tang of Qihoo 360Vulcan Team on November 16, during the Tianfu Cup 2018 International Pwn Contest.
There is no known mitigation for the CVE-2018-6983 issue at the moment, but VMware provides updates for all affected products.
VMware Workstation users are required to update their installation to the 14.1.2/15.0.2 releases, and VMware Fusion owners should install the 10.1.5/11.0.2 versions.