Security News > 2024 > September > Week in review: Critical VMware vCenter Server bugs fixed, Apple releases iOS 18
2024-09-22 08:00
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Critical VMware vCenter Server bugs fixed (CVE-2024-38812) Broadcom has released fixes for two vulnerabilities affecting VMware vCenter Server that can be triggered by sending a specially crafted network packet, and could lead to remote code execution (CVE-2024-38812) or privilege escalation (CVE-2024-38813). Apple releases iOS 18, with security and privacy improvements Apple has launched iOS 18, the latest significant iteration of … More → The post Week in review: Critical VMware vCenter Server bugs fixed, Apple releases iOS 18 appeared first on Help Net Security.
News URL
Related news
- Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update (source)
- Over 37,000 VMware ESXi servers vulnerable to ongoing attacks (source)
- Global Pressure Mounts for Apple as Brazilian Court Demands iOS Sideloading Within 90 Days (source)
- New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking (source)
- Critical AMI MegaRAC bug can let attackers hijack, brick servers (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-17 | CVE-2024-38813 | Improper Check for Dropped Privileges vulnerability in VMWare Vcenter Server 7.0/8.0 The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet. | 9.8 |
| 2024-09-17 | CVE-2024-38812 | Out-of-bounds Write vulnerability in VMWare Vcenter Server 7.0/8.0 The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. | 9.8 |