VMware Fixes Fusion Vulnerability Introduced by Previous Patch
An update released last week by VMware for the macOS version of Fusion attempts to fix a serious privilege escalation vulnerability introduced by a previous patch.
VMware informed customers in mid-March that it had patched a high-severity privilege escalation vulnerability in Fusion, Remote Console and Horizon Client for Mac.
Roughly one week after the initial patch was released, VMware made another attempt at fixing the vulnerability, but this second fix introduced a new vulnerability.
VMware attempted to patch the time-of-check to time-of-use (TOCTOU) vulnerability in Fusion last week with the release of version 11.5.5, but patches for VMRC and Horizon Client for Mac are pending.
Mirch, who plans to publish a blog post and a new proof-of-concept exploit for the vulnerability in the coming days, told SecurityWeek that his initial tests showed that the patch works.