VMware Fixes Fusion Vulnerability Introduced by Previous Patch
An update released last week by VMware for the macOS version of Fusion attempts to fix a serious privilege escalation vulnerability introduced by a previous patch.
VMware informed customers in mid-March that it had patched a high-severity privilege escalation vulnerability in Fusion, Remote Console and Horizon Client for Mac.
Roughly one week after the initial patch was released, VMware made another attempt at fixing the vulnerability, but this second fix introduced a new vulnerability.
VMware attempted to patch the TOCTOU vulnerability in Fusion last week with the release of version 11.5.5, but patches for VMRC and Horizon Client for Mac are pending.
Mirch, who plans to publish a blog post and a new proof-of-concept exploit for the vulnerability in the coming days, told SecurityWeek that his initial tests showed that the patch works.