VMware released security updates to address several vulnerabilities in its products which could allow an attacker to obtain sensitive information from a user.
The vulnerabilities affect VMware vSphere ESXi (ESXi), VMware Workstation Pro / Player (Workstation), VMware Fusion Pro, and Fusion (Fusion) and are the result of multiple out-of-bounds read vulnerabilities in the shader translator, according to a VMware Security Advisory.
Three of the vulnerabilities are rated important and successful exploitation of these issues may lead to information disclosure or may allow attackers with normal user privileges to crash their VMs.
Researchers recommend users keep their systems updated and those who are affected to review the patch/release noted for their product and verify the checksum of their download file. Last month, VMware patched an RCE flaw for AirWatch Agent for Android, AirWatch Agent for Windows.
The update resolves a flaw (CVE-2018-6968) in the real-time file manager capabilities which may allow for the unauthorised creation and execution of files in the Agent sandbox and other publicly accessible directories such as those on the SD card by a malicious administrator.