Network Security, Patch/Configuration Management, Vulnerability Management

VMware issues critical security update for Workstation and Fusion products

VMware last week issued a security update for its Workstation and Fusion virtual network devices, patching a critical integer overflow vulnerability that, if exploited, could allow unauthorized guests to execute code on the host.

Designated CVE-2018-6983, the hypervisor vulnerability is fixed in versions 14.1.5 and 15.0.2 of Workstation Pro and Workstation Player, and versions 10.1.5 and 11.0.2 of Fusion and Fusion Pro.

In a Nov. 22 company security advisory, VMware said that researcher Tianwen Tang of the Qihoo 360 Vulcan Team uncovered the bug while participating in the Tianfu Cup 2018 International Pwn Contest.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Related

US automaker subjected to FIN7 attack

BlackBerry researchers disclosed that a major U.S.-based multinational automaker had been targeted by the FIN7 hacking group in a spear-phishing attack late last year that sought to facilitate systems compromise with the Anunak malware, BleepingComputer reports.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.