VMware Patches VM Escape Flaw Exploited at Geekpwn Event

Posted by Orbit Brain, December 14, 2022
By Ryan Naraine on December 13, 2022

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine escape bug exploited at the GeekPwn 2022 hacking challenge.

The VM escape flaw, documented as CVE-2022-31705, was exploited by Ant Security researcher Yuhao Jiang on systems running fully patched VMware Fusion, ESXi and Workstation products. The exploit took the top prize at Geekpwn, a hacking contest run by China-based Tencent Keen Security Lab.

In a security bulletin issued Tuesday, VMware slapped a CVSS severity rating of 9.3/10 on the flaw and warned that a malicious actor with local administrative privileges on a virtual machine could exploit this issue to execute code as the virtual machine's VMX process running on the host.

"On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed," VMware added.

VMware documented the bug as a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI).

The company also released fixes covering a pair of command injection and directory traversal bugs affecting the VMware vRealize Network Insight (vRNI) product.

"[The] vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. VMware has evaluated the severity of this issue to be in the critical severity range with a maximum CVSSv3 base score of 9.8," the company said in a critical-severity advisory.

"A malicious actor with network access to the vRNI REST API can execute commands without authentication," VMware added.