Security News > 2020 > January > Vulnerabilities Found in VMware Tools, Workspace ONE SDK
VMware on Tuesday advised customers using VMware Tools version 10 for Windows to update their installations to version 11 due to a local privilege escalation vulnerability.
According to the virtualization giant, the repair operation in VMware Tools 10.x.y is affected by a race condition that allows an attacker who has access to the guest virtual machine to escalate their privileges.
"However, if upgrading is not possible, exploitation of this issue can be prevented by correcting the ACLs on C:ProgramDataVMwareVMware CAF directory in the Windows guests running VMware Tools 10.x.y versions. In order to correct ACLs for this directory, remove all write access permissions for Standard User from the directory," VMware said in a separate document describing workarounds for this flaw.
A few days ago, VMware also informed customers that the Workspace ONE SDK and dependent iOS and Android mobile applications are affected by a vulnerability that can lead to the disclosure of sensitive information.
"A malicious actor with man-in-the-middle network positioning between an affected mobile application and Workspace ONE UEM Device Services may be able to capture sensitive data in transit if SSL Pinning is enabled," VMware said.