• IllNessOP
    link
    fedilink
    English
    arrow-up
    2
    ·
    3 months ago

    The security advisory is for version 13.x until 13.6 on the popular virtualization software for macOS. The bug — CVE-2024-38811 — has a CVSSv3 base score of 8.8 and is caused by an insecure environment variable. Mykola Grymalyuk of RIPEDA Consulting reported the vulnerability and VMWare has issued a patched version of the software.

    The vulnerability allows a user with standard privileges to execute code within the Fusion application.