Cybersecurity

VMWare releases Fusion vulnerability with 8.8 rating

The company issued a patch for the high-severity bug that allows arbitrary code execution.

September 3, 2024

The logo of American cloud computing and virtualization technology company VMware. (Photo by Josep LAGO / AFP) (Photo by JOSEP LAGO/AFP via Getty Images)

A critical vulnerability in VMWare Fusion that allows code execution in the program with standard user privileges was released last Wednesday, according to Broadcom.

The security advisory is for version 13.x until 13.6 on the popular virtualization software for macOS. The bug — CVE-2024-38811 — has a CVSSv3 base score of 8.8 and is caused by an insecure environment variable. Mykola Grymalyuk of RIPEDA Consulting reported the vulnerability and VMWare has issued a patched version of the software.

The vulnerability allows a user with standard privileges to execute code within the Fusion application.

Ransomware actors have long used VMWare products for initial access and further digital extortion. The new ransomware variant Cicada3301 is known to use a vulnerability in VMWare ESXi systems.

VMWare releases Fusion vulnerability with 8.8 rating

More Like This

CISA warns of hackers exploiting bug for end-of-life Ivanti product

British teen arrested over cyberattack on London transportation agency

Here’s what Microsoft fixed in September’s Patch Tuesday

Top Stories

Cybersecurity, disinformation dominates hearing on elections

US accuses RT, others of covert arms dealing, global influence operations

Latest Podcasts

We’re back! RunSafe CEO Joe Saunders on secure-by-design in IoT devices

Ted Schlein on the cybersecurity industry and the latest twist in the Trump-Iran hacking saga

Hack-and-leak op targets Trump; a technical deep dive with John Hammond on the CrowdStrike outage

A deep dive with Tim Starks on the Biden administration’s cybersecurity initiatives

Government

Technology

Threats

Geopolitics