"VMware Patches High-Severity Code Execution Flaw in Fusion"
Virtualization software technology vendor VMware recently announced a security update for its Fusion hypervisor to address a high-severity vulnerability that exposes users to code execution exploits. The root cause of the issue, which is tracked as CVE-2024-38811 (CVSS 8.8/10), is an insecure environment variable. VMware noted that the CVE-2024-38811 defect could be exploited to execute code in the context of Fusion, which could potentially lead to complete system compromise. The vulnerability impacts VMware Fusion versions 13.x and was addressed in version 13.6 of the application.
SecurityWeek reports: "VMware Patches High-Severity Code Execution Flaw in Fusion"
Submitted by Adam Ekwall
on