VMware Patches Fix Security Flaws

Security updates released by VMware for its vCloud Director, ESXi, Workstation, and Fusion products fix several vulnerabilities, including those recently demonstrated at the Pwn2Own 2019 hacking competition.





At Pwn2Own 2019, Amat Cama and Richard Zhu of the Fluoroacetate team demonstrated two VMware Workstation vulnerabilities, including one that was used in a complex exploit chain targeting the Microsoft Edge browser. They earned $70,000 for escaping the VMware Workstation virtual machine and executing code on the host operating system, and $130,000 for the Edge exploit.

VMware updates for ESXi, Workstation, and Fusion (macOS only) address these flaws. The vendor described them as an out-of-bounds read/write vulnerability and a time-of-check time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 Universal Host Controller Interface (UHCI). They have been assigned CVE-2019-5518 and CVE-2019-5519, and both are classified as critical.

VMware also fixed a critical out-of-bounds write vulnerability in the e1000 virtual network adapter used by Workstation and Fusion (macOS only). The security hole, discovered by the Chinese company Chaitin Tech, may allow a guest to execute arbitrary code on the host. This issue is tracked as CVE-2019-5524.

A similar flaw affecting Workstation and Fusion was discovered by ZhanluLab in the e1000 and e1000e virtual network adapters. Although exploiting this flaw can lead to code execution on the host from the guest operating system, a more likely result is a denial of service (DoS) condition for the guest. This issue has been assigned a severity level of “Important”.

VMware told customers that Fusion 11.x running on macOS is affected by a critical vulnerability tracked as CVE-2019-5514. The flaw was reported to the company by an independent Chinese researcher who uses the online nickname CodeColorist and by Hungarian researcher Csaba Fitzl.

“VMware Fusion contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. An attacker could exploit this problem by tricking the host user into running JavaScript to perform unauthorized functions on the guest machine on which VMware Tools is installed. It can also be used to execute commands on guest machines,” VMware explained in its advisory.

In a separate advisory, VMware described a critical vulnerability affecting VMware vCloud Director for service providers. This flaw, tracked as CVE-2019-5523, affects vCD 9.5.x on any platform and allows a remote attacker to hijack sessions for the Tenant and Provider portals by impersonating a currently logged-in session.

