VMware Quietly Patches VM Escape Vulnerability and Pays $150,000 to Researchers

VMware has quickly turned around a patch for a VM escape vulnerability, a critical code execution flaw that earned the researchers who discovered it $150,000.

No public exploits have been reported so far. The vulnerability is nonetheless dangerous: an attacker with access to a guest virtual machine could use it to run code on the host machine.

The bug was originally exploited during the PwnFest hacking contest in South Korea, held alongside the Power of Community conference. Hackers from China's Qihoo 360 also took down Google's new Pixel mobile device, as well as Microsoft Edge and Adobe Flash, winning more than half a million dollars in the process.

The VMware vulnerability is an out-of-bounds memory access bug in the drag-and-drop function that lives in both VMware Workstation Pro and Player, and VMware Fusion and Fusion Pro.

“This may allow a guest to execute code on the operating system that runs Workstation or Fusion,” VMware said in its advisory.

VMware said the vulnerability (CVE-2016-7461) affects version 12.x of Workstation and 8.x of Fusion and urges customers to upgrade to 12.5.2 and 8.5.2, respectively. There are temporary mitigations, VMware said.

“On Workstation Pro and Fusion, the issue cannot be exploited if both the drag-and-drop function and the copy-and-paste (C&P) function are disabled,” VMware said. “This workaround is not available on Workstation Player.”
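Until the upgrade is rolled out, a defender will want to confirm that the workaround is actually in place across a fleet of VMs. The following is an added example, not code from the article or from VMware: it audits a Workstation/Fusion `.vmx` file for the isolation settings that disable guest-host drag-and-drop and copy/paste. The key names (`isolation.tools.dnd.disable`, `isolation.tools.copy.disable`, `isolation.tools.paste.disable`) are the standard VMware hardening settings and are not quoted from the article; the sample configurations are constructed.

```python
"""Audit a VMware .vmx file for the drag-and-drop / copy-and-paste workaround."""
import re

# Settings VMware hardening guides use to turn off guest-host DnD and C&P.
# Key names come from VMware documentation, not from the article above.
REQUIRED = {
    "isolation.tools.dnd.disable": "TRUE",
    "isolation.tools.copy.disable": "TRUE",
    "isolation.tools.paste.disable": "TRUE",
}

# A .vmx line looks like:  some.key = "value"
_LINE = re.compile(r'^\s*([\w.\-]+)\s*=\s*"(.*)"\s*$')


def parse_vmx(text):
    """Parse key = "value" lines into a dict; keys are lower-cased for matching."""
    settings = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings


def missing_workarounds(text):
    """Return the required settings that are absent or not set to TRUE."""
    settings = parse_vmx(text)
    return sorted(
        key for key, want in REQUIRED.items()
        if settings.get(key, "").upper() != want
    )


# Constructed sample: a VM where only drag-and-drop has been disabled.
SAMPLE_WEAK = '''.encoding = "UTF-8"
config.version = "8"
virtualHW.version = "12"
displayName = "labvm"
isolation.tools.dnd.disable = "TRUE"
isolation.tools.copy.disable = "FALSE"
'''

# Constructed sample: the same VM with the full workaround applied.
SAMPLE_HARDENED = SAMPLE_WEAK.replace(
    'isolation.tools.copy.disable = "FALSE"',
    'isolation.tools.copy.disable = "TRUE"\nisolation.tools.paste.disable = "TRUE"',
)

if __name__ == "__main__":
    for name, text in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        gaps = missing_workarounds(text)
        print(f"{name}: {'OK' if not gaps else 'missing ' + ', '.join(gaps)}")
```

Run it against every `.vmx` under a VM directory to find guests still exposed through the shared-clipboard and drag-and-drop paths the advisory describes.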

Vulnerabilities and exploits that allow hackers to attack the host machine are the holy grail when it comes to attacks against virtual machines. Last year, Xen patched such a bug in the QEMU open source machine emulator running on the Xen hypervisor. Xen said at the time that a heap overflow in the QEMU IDE subsystem could allow an attacker to use the flaw to run code on the host with the same privileges as the QEMU process.
