CVE-2024-38811: Code Execution Vulnerability Discovered in VMware Fusion
A high-severity security vulnerability (CVE-2024-38811, CVSS 8.8) has been identified in VMware Fusion, a popular virtualization software for macOS. The vulnerability, discovered by Mykola Grymalyuk of RIPEDA Consulting, could allow a malicious actor with standard user privileges to execute arbitrary code within the context of the Fusion application.
The vulnerability stems from the use of an insecure environment variable within VMware Fusion, a tool widely used by macOS users to run virtual machines. Code executed in the context of the Fusion application could lead to unauthorized access, data breaches, or further system compromise, depending on the nature of that code.
The vulnerability affects VMware Fusion version 13.x running on the macOS platform. Users running these versions are at risk and should take immediate action to protect their systems.
VMware has responded swiftly to this high-severity flaw by releasing a patched version of the software, VMware Fusion 13.6. Users are strongly advised to update their installations to this version to mitigate the risk posed by CVE-2024-38811.
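A host check for the version guidance above, as an added example that is not from VMware or the original article: it reads the installed bundle's version and flags 13.x releases older than 13.6. The default bundle path and the use of `CFBundleShortVersionString` as the version source are assumptions.

```python
import plistlib
import re
import sys
from pathlib import Path

# Assumption: default install location; pass another path for custom installs.
DEFAULT_BUNDLE = Path("/Applications/VMware Fusion.app")
FIXED = (13, 6)  # first fixed release named in the article


def bundle_version(bundle):
    """Return CFBundleShortVersionString from the bundle's Info.plist, or None."""
    info = Path(bundle) / "Contents" / "Info.plist"
    try:
        with info.open("rb") as fh:
            return plistlib.load(fh).get("CFBundleShortVersionString")
    except Exception:  # missing, unreadable or malformed plist
        return None


def classify(version):
    """Map a version string to 'affected', 'patched', 'out-of-scope' or 'unknown'."""
    m = re.match(r"^(\d+)(?:\.(\d+))?", str(version or ""))
    if not m:
        return "unknown"
    major, minor = int(m.group(1)), int(m.group(2) or 0)
    if major != 13:
        return "out-of-scope"  # the article only covers the 13.x line
    return "affected" if (major, minor) < FIXED else "patched"


def check(bundle=DEFAULT_BUNDLE):
    """Return (status, version) for the Fusion bundle at the given path."""
    version = bundle_version(bundle)
    if version is None:
        return ("not-installed-or-unreadable", None)
    return (classify(version), version)


if __name__ == "__main__":
    status, version = check(sys.argv[1] if len(sys.argv) > 1 else DEFAULT_BUNDLE)
    print(f"VMware Fusion {version or '-'}: {status}")
    sys.exit(1 if status == "affected" else 0)  # non-zero exit for fleet tooling
```

The non-zero exit code on an affected install lets the script be used as a compliance probe in a management tool.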