Buy virtual numbers on the SIMonline website, very cheap and reliable numbers for registrations.
At Pwn2Own 2019, Amat Kama and Richard Zhu of the Fluoroacetate team demonstrated two VMware Workstation vulnerabilities, including one that was used in a complex exploit targeting the Microsoft Edge browser. They earned $ 70,000 for exiting the VMware Workstation virtual machine and executing code on the host's host operating system, and $ 130,000 for the Edge exploit.
VMware updates for ESXi, Workstation, and Fusion (MacOS only) address these shortcomings. The vendor described these issues as an unstable read / write vulnerability and Validation Time Error (TOCTOU) in the USB 1.1 virtual universal host interface (UHCI). The CVE identifiers CVE-2019-5518 and CVE-2019-5519 were assigned to these vulnerabilities, both of which are classified as critical.
VMware also fixed a critical out-of-band write vulnerability in the e1000 virtual network adapter used by Workstation and Fusion (macOS only). The security hole discovered by Chaitin Tech, a Chinese company, may allow a guest to execute arbitrary code on the host. This issue is tracked as CVE-2019-5524.
A similar flaw affecting the workstation and Fusion was discovered by ZhanluLab in the e1000 and e1000e virtual network adapters. Although exploiting this flaw can lead to code execution on the host from the guest operating system, a more likely result is a denial of service (DoS) condition for the guest. This issue has been assigned a severity level of “Important”.
VMware told customers that Fusion 11.x running on macOS is subject to a critical vulnerability that is being monitored as CVE-2019-5514. The flaw was reported to the company by an independent Chinese researcher who uses the online nickname CodeColorist and Hungarian researcher Csaba Fitzl.
In a separate publication, VMware described a critical vulnerability affecting VMware vCloud Director for service providers. This flaw, tracked as CVE-2019-5523, affects vCD 9.5.x on any platform and allows a remote attacker to intercept sessions for the Tenant and Provider portals by personifying the current session that is logged on.