Security News > 2020 > March > Patch for Recently Disclosed VMware Fusion Vulnerability Incomplete
The patch released recently by VMware for a privilege escalation vulnerability affecting Fusion for Mac have been found to be incomplete.
VMware informed customers on March 17 that Fusion, Remote Console and Horizon Client for Mac are affected by a high-severity privilege escalation vulnerability caused by the improper use of setuid binaries.
The researchers credited for reporting the vulnerability to VMware - Jeffball from cybersecurity firm GRIMM and Rich Mirch - both told SecurityWeek that the patch for Fusion is incomplete.
"VMware USB Arbitrator Service and Open VMware Fusion Services are both setuid root binaries located at /Applications/VMware Fusion.app/Contents/Library/services," Mirch explained in his PoC exploit.
Jeffball, who has also published technical information about the flaw, told SecurityWeek that the "Open VMware Fusion Services binary is fixed, but the Open VMware USB Arbitrator Service binary is not. When running the exploit for fusion services, it gets a bad code signature error, but the same thing works fine on the USB arbitrator service."
News URL
Related news
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs and Patch Released (source)
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)