VMware patched its Fusion and Workstation products to fix denial-of-service (DoS) and privilege escalation vulnerabilities.
Fusion 10.x on macOS suffers from a signature bypass flaw that can be leveraged for local privilege escalation, VMware officials said.
VMware Fusion 10.1.2 fixes the vulnerability, discovered by CodeColorist of AntFinancial LightYear Security Labs.
Workstation 14.x on any platform and Fusion 10.x on macOS also suffer from DoS vulnerabilities.
“VMware Workstation and Fusion contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine to trigger a denial-of-service of their guest machine,” the company said in its advisory.
The flaw was reported to VMware by Hahna Latonick and Kevin Fujimoto through Trend Micro’s Zero Day Initiative (ZDI), and independently by Bruno Botelho. The issue was addressed with the release of Workstation 14.1.2 and Fusion 10.1.2.