VMware issues critical security update for Workstation and Fusion products

News by Bradley Barth

VMware last week issued a security update for its Workstation and Fusion virtual network devices, patching a critical integer overflow vulnerability that, if exploited, could allow unauthorised guests to execute code on the host.

VMware last week issued a security update for its Workstation and Fusion virtual network devices, patching a critical integer overflow vulnerability that, if exploited, could allow unauthorised guests to execute code on the host.

Designated CVE-2018-6983, the hypervisor vulnerability is fixed in versions 14.1.5 and 15.0.2 of Workstation Pro and Workstation Player, and versions 10.1.5 and 11.0.2 of Fusion and Fusion Pro.

In a 22 November company security advisory, VMware said that researcher Tianwen Tang of the Qihoo 360Vulcan Team uncovered the bug while participating in the Tianfu Cup 2018 International Pwn Contest.

This article was originally published on SC Media US. 

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events