{"id":5118,"date":"2024-09-03T10:58:28","date_gmt":"2024-09-03T15:58:28","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=81613"},"modified":"2024-09-03T10:58:28","modified_gmt":"2024-09-03T15:58:28","slug":"vmware-releases-fusion-vulnerability-with-8-8-rating","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/09\/03\/vmware-releases-fusion-vulnerability-with-8-8-rating\/","title":{"rendered":"VMWare releases Fusion vulnerability with 8.8 rating"},"content":{"rendered":"<p><a href=\"https:\/\/cyberscoop.com\/vmware-vulnerability-fushion-cve-2024-38811\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<header class=\"site-header\" aria-label=\"Scoop News Group Header\" role=\"banner\"> <\/header>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"4.952380952381\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"7\">\n<p>Voting is open for the 2024 CyberScoop 50 awards!&nbsp;<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/vote\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"0.91428571428571\">\n<div class=\"single-article__header-content\" readability=\"5.9285714285714\">\n<p> The company issued a patch for the high-severity bug that allows arbitrary code execution. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/vmware-releases-fusion-vulnerability-with-8-8-rating.jpg?resize=640%2C426&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/vmware-releases-fusion-vulnerability-with-8-8-rating-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/vmware-releases-fusion-vulnerability-with-8-8-rating-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/vmware-releases-fusion-vulnerability-with-8-8-rating-2.jpg?resize=768,511 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/vmware-releases-fusion-vulnerability-with-8-8-rating-2.jpg?resize=1024,681 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/vmware-releases-fusion-vulnerability-with-8-8-rating-2.jpg?resize=1536,1022 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/vmware-releases-fusion-vulnerability-with-8-8-rating-2.jpg?resize=600,399 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/vmware-releases-fusion-vulnerability-with-8-8-rating-2.jpg?resize=253,168 253w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/vmware-releases-fusion-vulnerability-with-8-8-rating-2.jpg?resize=507,337 507w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/vmware-releases-fusion-vulnerability-with-8-8-rating-2.jpg?resize=1015,675 1015w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/vmware-releases-fusion-vulnerability-with-8-8-rating-2.jpg?resize=1267,843 1267w\" sizes=\"(max-width: 1015px) 100vw, 1015px\"><figcaption> The logo of American cloud computing and virtualization technology company VMware. (Photo by Josep LAGO \/ AFP) (Photo by JOSEP LAGO\/AFP via Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"7.1001838235294\"><body readability=\"14.551122194514\"><\/p>\n<p>A critical vulnerability in VMWare Fusion that allows code execution in the program with standard user privileges was released last Wednesday, according to Broadcom.<\/p>\n<p>The security advisory is for version 13.x until 13.6 on the popular virtualization software for macOS. The bug \u2014 <a href=\"https:\/\/support.broadcom.com\/web\/ecx\/support-content-notification\/-\/external\/content\/SecurityAdvisories\/0\/24939'\">CVE-2024-38811<\/a> \u2014 has a CVSSv3 base score of 8.8 and is caused by an insecure environment variable. Mykola Grymalyuk of RIPEDA Consulting reported the vulnerability and VMWare has issued a patched version of the software.<\/p>\n<p>The vulnerability allows a user with standard privileges to execute code within the Fusion application.<\/p>\n<p>Ransomware actors have long used VMWare products for initial access and further digital extortion. The new ransomware variant <a href=\"https:\/\/cyberscoop.com\/cicada3301-ransomware-morphisec-blackcat-alphv\/\">Cicada3301<\/a> is known to use a vulnerability in VMWare ESXi systems.&nbsp;<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"1.7614035087719\">\n<div class=\"author-card\" readability=\"9\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/vmware-releases-fusion-vulnerability-with-8-8-rating-1.jpg?w=640&#038;ssl=1\" alt=\"Christian Vasquez\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Christian Vasquez<\/h4>\n<p> Christian covers industrial cybersecurity for CyberScoop News. He previously wrote for E&amp;E News at POLITICO covering cybersecurity in the energy sector. Reach out:&nbsp; christian.vasquez at cyberscoop dot com <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"single-article__sticky-ads\">\n<div class=\"ad ad--sidebar ad--rightrail_4 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/p><\/div>\n<\/article>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<footer class=\"site-footer\"> <\/footer>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<div class=\"welcome__ad_top_row\"> <a class=\"logox\" href=\"https:\/\/cyberscoop.com\"> <img decoding=\"async\" class=\"site-header__logo site-header__logo--fed\" itemprop=\"logo\" src=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/svg\/logo-cyber.svg\" alt=\"CyberScoop\"> <\/a> <button id=\"close-modal-2\" class=\"welcome__close-button\"> Close Ad <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <\/button> <\/div>\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <a href=\"https:\/\/cyberscoop.com\/vmware-vulnerability-fushion-cve-2024-38811\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Skip to main content Advertisement Advertisement Voting is open for<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[78,288,2587,643,2281],"tags":[86,294,2588,645,2283],"class_list":["post-5118","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","category-threats","category-vmware","category-vulnerabilities","category-vulnerability","tag-cybersecurity","tag-threats","tag-vmware","tag-vulnerabilities","tag-vulnerability"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vmware\/\" rel=\"category tag\">vmware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerabilities\/\" rel=\"category tag\">vulnerabilities<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability\/\" rel=\"category tag\">vulnerability<\/a>","tag_info":"vulnerability","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5118","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=5118"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5118\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=5118"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=5118"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=5118"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}