VMware reveals critical hypervisor bugs found at Chinese white hat hacking comp. One lets guests run code on hosts
VMware has revealed and repaired the flaws in its hypervisor discovered at China's Tianfu Cup white hat hacking competition.
The bug needs patching in ESXi from version 6.5, VMware's Fusion and Workstation desktop hypervisors from versions 11 and 15 respectively, plus VMware Cloud Foundation from version 3.
Patches are available for the two flaws, with download details available at VMware's security advisory page.
The white hats also took home a $180,000 reward for their troubles - cheap security research for $10.8bn VMware.
The flaws were revealed on November 8th - just 11 days before VMware's disclosure and delivery of fixes.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/11/20/vmware_esxi_flaws/