One of the most serious VMware vulnerabilities in recent memory was secretly being exploited by a Chinese advanced persistent threat (APT) for years before a patch became available.
It was all-hands-on-deck in October when news first broke of CVE-2023-34048, a 9.8 out of 10 “critical” CVSS-rated out-of-bounds write vulnerability affecting vCenter Server, VMware’s centralized platform for managing virtual environments. In a sign of just how severe this particular issue was, VMware went so far…