VMware Quietly Patches VM Escape Vulnerability; Researchers Paid $150,000


VMware has quickly turned around a patch for a VM escape vulnerability, a critical code execution flaw that earned the researchers who discovered it $150,000.

No public exploits have been reported so far. The vulnerability is nonetheless dangerous: an attacker with access to a guest virtual machine could use it to run arbitrary code on the host machine.


The bug was originally exploited last week during the PwnFest hacker contest in South Korea, which ran alongside the Power of Community conference. Hackers from China’s Qihoo 360 also took down Google’s new Pixel mobile device, as well as Microsoft Edge and Adobe Flash, winning more than half a million dollars in the process.


The VMware vulnerability is an out-of-bounds memory access bug in the drag-and-drop function that lives in both VMware Workstation Pro and Player, and VMware Fusion and Fusion Pro.

“This may allow a guest to execute code on the operating system that runs Workstation or Fusion,” VMware said in its advisory.

VMware said the vulnerability (CVE-2016-7461) affects version 12.x of Workstation and 8.x of Fusion and urges customers to upgrade to 12.5.2 and 8.5.2, respectively. There are temporary mitigations, VMware said.

“On Workstation Pro and Fusion, the issue cannot be exploited if both the drag-and-drop function and the copy-and-paste (C&P) function are disabled,” VMware said. “This workaround is not available on Workstation Player.”
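To check whether that workaround is actually in effect on a given VM, here is an added example (not from the article, and not VMware's own tooling) that parses a .vmx file and reports which of the isolation settings are missing. The key names isolation.tools.dnd.disable, isolation.tools.copy.disable and isolation.tools.paste.disable are taken from VMware's hardening guidance rather than from this article, and the two sample configs are constructed.

```python
import re

# Assumption: these key names come from VMware's hardening guidance, not
# from the article. All three must be TRUE for DnD and C&P to be off.
WORKAROUND_KEYS = (
    "isolation.tools.dnd.disable",
    "isolation.tools.copy.disable",
    "isolation.tools.paste.disable",
)

# A .vmx line looks like:   some.key = "value"
_LINE = re.compile(r'^\s*([A-Za-z0-9_.:-]+)\s*=\s*"?([^"]*)"?\s*$')


def parse_vmx(text):
    """Parse .vmx key/value lines into a dict (keys lower-cased)."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        m = _LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2).strip()
    return settings


def missing_workarounds(settings):
    """Return the workaround keys that are absent or not set to TRUE."""
    return [k for k in WORKAROUND_KEYS
            if settings.get(k, "").lower() != "true"]


def workaround_applied(vmx_text):
    """True only when all three isolation settings are TRUE."""
    return not missing_workarounds(parse_vmx(vmx_text))


# Constructed sample configs: one partially hardened, one fully hardened.
EXPOSED_VMX = '''.encoding = "UTF-8"
displayName = "build-agent"
isolation.tools.copy.disable = "TRUE"
'''
HARDENED_VMX = '''displayName = "analysis-sandbox"
isolation.tools.dnd.disable = "TRUE"
isolation.tools.copy.disable = "TRUE"
isolation.tools.paste.disable = "TRUE"
'''

if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED_VMX), ("hardened", HARDENED_VMX)):
        gaps = missing_workarounds(parse_vmx(cfg))
        print(name, "OK" if not gaps else "missing: " + ", ".join(gaps))
```

This only inspects the configuration: upgrading to 12.5.2 or 8.5.2 remains the actual fix, and, as VMware notes, the workaround is not available on Workstation Player.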

Vulnerabilities and exploits that allow hackers to attack the host machine are the holy grail when it comes to attacks against virtual machines. Last year, Xen patched such a bug in the QEMU open source machine emulator running on the Xen hypervisor. Xen said at the time that a heap overflow in the QEMU IDE subsystem could allow an attacker to use the flaw to run code on the host with the same privileges as the QEMU process.


William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]
