VMware Patches VM Escape Flaw Exploited at Geekpwn Event

By Ryan Naraine on December 13, 2022 (posted by Orbit Brain, December 14, 2022)

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine escape bug exploited at the GeekPwn 2022 hacking challenge.

The VM escape flaw, documented as CVE-2022-31705, was exploited by Ant Security researcher Yuhao Jiang on systems running fully patched VMware Fusion, ESXi and Workstation products. The exploit took the top prize at Geekpwn, a hacking contest run by China-based Tencent Keen Security Lab.

In a security bulletin issued Tuesday, VMware slapped a CVSS severity rating of 9.3/10 on the flaw and warned that a malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

"On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed," VMware added.

VMware documented the bug as a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI).

The company also released fixes covering a pair of command injection and directory traversal bugs affecting the VMware vRealize Network Insight (vRNI) product.

"[The] vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. VMware has evaluated the severity of this issue to be in the critical severity range with a maximum CVSSv3 base score of 9.8," the company said in a critical-severity advisory.

"A malicious actor with network access to the vRNI REST API can execute commands without authentication," VMware added.