VMware fixes critical sandbox escape flaws in ESXi, Workstation, and Fusion

March 6, 2024 at 10:49AM VMware released security updates addressing critical sandbox escape vulnerabilities in ESXi, Workstation, Fusion, and Cloud Foundation. The flaws, tracked as CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, and CVE-2024-22255, carry a severity rating and require local administrative privileges for exploitation. VMware recommends removing USB controllers from virtual machines as a mitigation strategy. Older ESXi … Read more

VMware Patches Critical ESXi Sandbox Escape Flaws

March 5, 2024 at 02:12PM VMware issued critical patches for multiple high-severity vulnerabilities in ESXi, Workstation, Fusion, and Cloud Foundation products. The flaws could allow code execution on the host machine and escape sandbox mitigations. Two bugs hold a severity score of 9.3, leading VMware to patch even end-of-life products due to the increased risk. … Read more