A critical VMware vulnerability that was patched in October was exploited in the wild two years ago by a China-nexus threat actor, according to new research from Mandiant.
On Oct. 25, VMware first disclosed an out-of-bounds write vulnerability tracked as CVE-2023-34048 and a partial information disclosure flaw assigned CVE-2023-34056 that affect vCenter Server. The vendor warned that exploitation of the former flaw, which received a CVSS score of 9.8, could allow an attacker to gain…