Security Advisory 2024-091

Release Date:

High Severity Vulnerability in VMware Fusion for macOS


History:

  • 04/09/2024 - v1.0 - Initial publication

Summary

On September 3, 2024, Broadcom disclosed a high-severity vulnerability in VMware Fusion, which could allow attackers to execute arbitrary code on macOS systems [1].

Technical Details

The vulnerability CVE-2024-38811, with a CVSS score of 8.8, arises from improper handling of environment variables, allowing malicious actors with standard user privileges to execute arbitrary code within the VMware Fusion environment. This may lead to full-system compromise, potentially exposing sensitive data and disrupting operations.

Affected Products

  • VMware Fusion versions prior to 13.6, running on macOS.

Recommendations

CERT-EU recommends immediately updating VMware Fusion to a fixed version.
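
To find hosts that still need the update, the installed version can be compared against 13.6. The script below is an added example, not part of the Broadcom or CERT-EU advisory; it assumes the default install path /Applications/VMware Fusion.app and reads the bundle's CFBundleShortVersionString with the macOS PlistBuddy tool.

```shell
#!/bin/sh
# Added example: flag VMware Fusion installs older than the fixed release.
FIXED_VERSION="13.6"   # from the advisory: versions prior to 13.6 are affected

# Return 0 when dotted version $1 is lower than $2, comparing each field
# numerically (so 13.10 is newer than 13.6, unlike a string comparison).
version_lt() {
    left=$1; right=$2
    while [ -n "$left" ] || [ -n "$right" ]; do
        l=${left%%.*}; r=${right%%.*}
        if [ "${l:-0}" -lt "${r:-0}" ]; then return 0; fi
        if [ "${l:-0}" -gt "${r:-0}" ]; then return 1; fi
        case $left in *.*) left=${left#*.} ;; *) left= ;; esac
        case $right in *.*) right=${right#*.} ;; *) right= ;; esac
    done
    return 1   # equal versions are not "lower"
}

# Print vulnerable / fixed / unknown for a version string.
fusion_status() {
    case $1 in
        ''|*[!0-9.]*) echo "unknown" ;;   # empty or non-numeric: do not guess
        *) if version_lt "$1" "$FIXED_VERSION"; then
               echo "vulnerable"
           else
               echo "fixed"
           fi ;;
    esac
}

# Print the version recorded in the app bundle; fail if it cannot be read.
installed_fusion_version() {
    plist="$1/Contents/Info.plist"
    [ -f "$plist" ] || return 1
    /usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' "$plist" 2>/dev/null
}

check_fusion() {
    app=${1:-"/Applications/VMware Fusion.app"}   # assumed default location
    if ver=$(installed_fusion_version "$app"); then
        echo "VMware Fusion $ver: $(fusion_status "$ver")"
    else
        echo "VMware Fusion not found at $app"
    fi
}

check_fusion "$@"
```

A different bundle path can be passed as the first argument when Fusion is installed outside /Applications.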

References

[1] https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24939
