VMWare Patched Critical Vulnerability In Workstation And Fusion

  • 9
  •  
  •  
  •  
  •  
  •  
  •  
    9
    Shares

Recently, VMware patched critical vulnerability affecting its Workstation and Fusion software. The bug could allegedly allow an attacker to execute code on target machines. VMware warns users to update their devices with patched versions so as to remain secured from hacks involving exploitation of this bug.

Integer Overflow Vulnerability Discovered In Workstation And Fusion Network Devices

As disclosed in their latest security advisory, VMware patched critical vulnerability affecting its Workstation and Fusion network devices. The vulnerability existed in the software packages. It could allegedly let an attacker execute malicious codes on targeted devices.

Reportedly, a researcher named Tianwen Tang from the Qihoo 360Vulcan Team discovered a critical integer overflow bug that made the devices vulnerable to cyber attacks. He presented his discovery at the cybersecurity contest TianfuCup 2018 recently held in China.

As stated in the VMware advisory,

VMware Workstation and Fusion contain an integer overflow vulnerability in the virtual network devices. This issue may allow a guest to execute code on the host.

The bug has received critical severity ratings with CVE number CVE-2018-6983. Presently, no workaround or mitigation is available to address this vulnerability.

VMware Patched Critical Vulnerability In The Latest Software Versions

The integer overflow vulnerability referred herewith allegedly affected Workstation 14.x and 15.x running on the platform. Whereas, in the case of Fusion, the bug was viable in versions 10.x and 11.x running on OS X.

VMware has released patches for the flaw in the following software versions. Thus the users of Workstation 14.x and 15.x should update their devices to the patched versions 14.1.5 and 15.0.2 respectively. While the users of Fusion 10.x and 11.x should upgrade to the versions 10.1.5 and 11.0.2 respectively.

The recent advisory comes right after the vSphere Data Protection (VDP) updates that addressed numerous security vulnerabilities including a critical remote code execution bug.

The following two tabs change content below.
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!