Patch for Recently Disclosed VMware Fusion Vulnerability Incomplete
The patch released recently by VMware for a privilege escalation vulnerability affecting Fusion for Mac has been found to be incomplete.
VMware informed customers on March 17 that Fusion, Remote Console and Horizon Client for Mac are affected by a high-severity privilege escalation vulnerability caused by the improper use of setuid binaries.
The researchers credited for reporting the vulnerability to VMware - Jeffball from cybersecurity firm GRIMM and Rich Mirch - both told SecurityWeek that the patch for Fusion is incomplete.
"VMware USB Arbitrator Service and Open VMware Fusion Services are both setuid root binaries located at /Applications/VMware Fusion.app/Contents/Library/services," Mirch explained in his PoC exploit.
Jeffball, who has also published technical information about the flaw, told SecurityWeek that the "Open VMware Fusion Services binary is fixed, but the Open VMware USB Arbitrator Service binary is not. When running the exploit for fusion services, it gets a bad code signature error, but the same thing works fine on the USB arbitrator service."
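The two findings above come down to one attack surface: setuid-root binaries in the Fusion services directory, of which one now enforces a code-signature check and the other does not. The script below is an added audit example, not code from the article, GRIMM or Rich Mirch, and it contains no exploit steps: it inventories setuid binaries under a directory (the Fusion services path quoted above is assumed as the default) and, where macOS `codesign` is available, runs signature verification over each one. The demo tree it builds is constructed for illustration and does not reproduce the real application bundle.

```shell
#!/bin/sh
# Added example (not from the article, GRIMM or Rich Mirch): inventory setuid
# binaries under a directory and, on macOS, verify their code signatures.
# The default path is the Fusion services directory quoted in the article;
# the demo tree is constructed here and is not the real bundle layout.

SERVICES_DIR="/Applications/VMware Fusion.app/Contents/Library/services"

# Print every regular file below $1 with the setuid bit set as "<owner> <path>".
# File names in this directory contain spaces, so read paths line by line.
find_setuid_binaries() {
    find "$1" -type f -perm -4000 2>/dev/null | while IFS= read -r f; do
        owner=$(ls -ld "$f" | awk '{print $3}')
        printf '%s %s\n' "$owner" "$f"
    done
}

# Number of setuid files below $1 (also what the demo and test check).
count_setuid_binaries() {
    find "$1" -type f -perm -4000 2>/dev/null | wc -l | tr -d ' '
}

# For each setuid file below $1 print "ok", "FAIL" or "unchecked" and its path.
# "ok"/"FAIL" come from codesign --verify --strict on macOS; on hosts without
# codesign every entry is "unchecked" rather than silently passed.
verify_signatures() {
    find "$1" -type f -perm -4000 2>/dev/null | while IFS= read -r f; do
        if command -v codesign >/dev/null 2>&1; then
            if codesign --verify --strict "$f" >/dev/null 2>&1; then
                printf 'ok %s\n' "$f"
            else
                printf 'FAIL %s\n' "$f"
            fi
        else
            printf 'unchecked %s\n' "$f"
        fi
    done
}

# Build a constructed demo tree (two setuid stubs named after the article's
# services plus one ordinary helper) so the audit runs on any host. Setting the
# setuid bit on a file you own needs no privileges; the bit is what find checks.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/services"
    for name in "Open VMware Fusion Services" "Open VMware USB Arbitrator Service" helper; do
        printf '#!/bin/sh\nexit 0\n' > "$d/services/$name"
        chmod 0755 "$d/services/$name"
    done
    chmod 4755 "$d/services/Open VMware Fusion Services" \
               "$d/services/Open VMware USB Arbitrator Service"
    printf '%s\n' "$d"
}

# Usage: sh audit_setuid.sh           (audits the real services directory, if present)
#        sh audit_setuid.sh --demo    (audits the constructed demo tree)
if [ "${1:-}" = "--demo" ]; then
    demo=$(make_demo_tree)
    echo "setuid binaries under $demo: $(count_setuid_binaries "$demo")"
    find_setuid_binaries "$demo"
    verify_signatures "$demo"
    rm -rf "$demo"
elif [ -d "$SERVICES_DIR" ]; then
    echo "setuid binaries under $SERVICES_DIR: $(count_setuid_binaries "$SERVICES_DIR")"
    find_setuid_binaries "$SERVICES_DIR"
    verify_signatures "$SERVICES_DIR"
fi
```

Two caveats when reading the output on a real install. A setuid binary whose signature verifies is not thereby safe; the signature check is only the control the Fusion Services fix appears to add, and the article's point is that the USB Arbitrator Service did not receive it. And the owner column matters as much as the mode bit: a setuid file owned by a non-root user is not a root-escalation path, so filter on both before escalating a finding.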