CSO Online

VMware patches critical flaws that could allow attackers to escape VMs

by
VMware patches critical flaws that could allow attackers to escape VMs

VMware has released fixes for several flaws that together could allow attackers to execute malicious code on the host system from inside a virtual machine, bypassing the critical isolation layer. Some of the flaws are in the virtualized USB controllers, so they impact most VMware hypervisors: VMware ESXi, VMware Workstation, VMware Fusion, and VMware Cloud … Read more

Chinese cyberspies exploited critical VMware vCenter flaw undetected for 1.5 years

by
Chinese cyberspies exploited critical VMware vCenter flaw undetected for 1.5 years

In October, VMware fixed a critical remote code execution vulnerability in its vCenter Server (CVE-2023-34048) and Cloud Foundation enterprise products that are used to manage virtual machines across hybrid clouds. It has now come to light that a Chinese cyberespionage group had been exploiting the vulnerability for 1.5 years before the patch became available. “These … Read more