Release Date:
High Severity Vulnerability in VMware Fusion for macOS
History:
- 04/09/2024 --- v1.0 -- Initial publication
Summary
On September 3, 2024, Broadcom disclosed a high-severity vulnerability in VMware Fusion, which could allow attackers to execute arbitrary code on macOS systems [1].
Technical Details
The vulnerability CVE-2024-38811, with a CVSS score of 8.8, arises from improper handling of environment variables, allowing malicious actors with standard user privileges to execute arbitrary code within the VMware Fusion environment. This may lead to full-system compromise, potentially exposing sensitive data and disrupting operations.
Affected Products
- VMware Fusion versions prior to 13.6, running on macOS.
Recommendations
CERT-EU recommends immediately updating VMware Fusion to a fixed version.
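
To find macOS hosts that still need the update, the check below compares the installed Fusion version against the 13.6 threshold given under Affected Products. It is an added example, not part of the advisory or the vendor's guidance; the default install path and the use of the bundle's `CFBundleShortVersionString` as the product version are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory): report whether the local VMware
# Fusion install predates the fixed release named under "Affected Products".

FIXED_VERSION="13.6"
# Assumption: default install path; change it for non-standard deployments.
FUSION_PLIST="/Applications/VMware Fusion.app/Contents/Info.plist"

# version_lt A B: succeed when dotted version A is strictly lower than B.
# Components compare numerically (13.10 > 13.6); missing ones count as 0.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 1
}

# fusion_affected VERSION: 0 = affected, 1 = fixed, 2 = unparseable.
fusion_affected() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 2 ;;
    esac
    if version_lt "$1" "$FIXED_VERSION"; then return 0; fi
    return 1
}

# Read the bundle version with PlistBuddy, which ships with macOS.
fusion_installed_version() {
    /usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' "$FUSION_PLIST" 2>/dev/null
}

if [ -f "$FUSION_PLIST" ]; then
    v=$(fusion_installed_version) || v=""
    rc=0; fusion_affected "$v" || rc=$?
    case $rc in
        0) echo "AFFECTED: VMware Fusion $v is older than $FIXED_VERSION" ;;
        1) echo "OK: VMware Fusion $v is at or above $FIXED_VERSION" ;;
        *) echo "UNKNOWN: could not parse version '$v'" ;;
    esac
else
    echo "VMware Fusion not found at the default path"
fi
```

An unparseable version is reported as UNKNOWN rather than as fixed, so such a host still gets a manual look.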