VMware Patches Severe Security Flaws in Workstation and Fusion Products

May 14, 2024 at 12:18PM

Multiple security flaws have been disclosed in VMware Workstation 17.x and Fusion 13.x. Threat actors could exploit them to access sensitive information, trigger denial-of-service (DoS) conditions, and execute code. Until patches can be deployed, the suggested temporary workarounds include turning off Bluetooth support and disabling 3D acceleration.

Key takeaways:

– Multiple security flaws in VMware Workstation and Fusion products have been disclosed, allowing threat actors to access sensitive information, trigger a denial-of-service condition, and execute code under specific circumstances.
– The vulnerabilities impact Workstation versions 17.x and Fusion versions 13.x, with fixes available in versions 17.5.2 and 13.5.2, respectively.
– Four specific vulnerabilities (CVE-2024-22267, CVE-2024-22268, CVE-2024-22269, CVE-2024-22270) have been detailed, each with its own potential exploits and impact.
– Temporary workarounds until patches are deployed include turning off Bluetooth support on the virtual machine and disabling the 3D acceleration feature.
– Notably, some of these vulnerabilities were demonstrated by STAR Labs SG and Theori at the Pwn2Own hacking contest in Vancouver.
– This advisory follows the recent release of patches to address four security flaws impacting ESXi, Workstation, and Fusion, including two critical flaws (CVE-2024-22252 and CVE-2024-22253).
