Security News > 2020 > June > VMware Fixes Fusion Vulnerability Introduced by Previous Patch
An update released last week by VMware for the macOS version of Fusion attempts to fix a serious privilege escalation vulnerability introduced by a previous patch.
VMware informed customers in mid-March that it had patched a high-severity privilege escalation vulnerability in Fusion, Remote Console and Horizon Client for Mac.
Roughly one week after the initial patch was released, VMware made another attempt at fixing the vulnerability, but this second fix introduced a new vulnerability.
VMware attempted to patch the TOCTOU vulnerability in Fusion last week with the release of version 11.5.5, but patches for VMRC and Horizon Client for Mac are pending.
Mirch, who plans on publishing a blog post and a new proof-of-concept exploit for the vulnerability in the upcoming days, told SecurityWeek that his initial tests showed that the patch works.