Last Updated: 2009-10-02 18:19:27 UTC
by Stephen Hall (Version: 1)
VMWare have informed us that an update is available for their Apple Mac version of their VMWare environment, VMWare Fusion.
The update fixes a vulnerability found in all versions of VMWare Fusion, so if you use this product, it is time to update. A vulnerability for one of the issues has been published.
The published vulnerability apparently produces a remote shell with root privileges but I have not tested it at this time.
The exploit writer comments:
"The vmx86 kext ioctl handler permits an unprivileged userland program to initialize several function pointers via the 0x802E564A ioctl code. These function pointers are later used from several reachable locations within the driver, one of which is called immediately after initialization."