VMware Fixes Critical Security Vulnerabilities in Workstation and Fusion Products
Security vulnerabilities in VMware Workstation and Fusion products can be exploited by threat actors to access sensitive information, cause a denial-of-service (DoS) condition, and execute code. These flaws impact Workstation versions 17.x and Fusion versions 13.x, with fixes included in versions 17.5.2 and 13.5.2, respectively.
On May 14, 2024, multiple security flaws were disclosed in VMware Workstation and Fusion products that could be exploited by threat actors.
The vulnerabilities impact Workstation versions 17.x and Fusion versions 13.x. Fixes are available in versions 17.5.2 and 13.5.2, respectively. The flaws include a use-after-free vulnerability in the Bluetooth device, a heap buffer-overflow vulnerability in the Shader functionality, an information disclosure vulnerability in the Bluetooth device, and an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality.
Users are advised to turn off Bluetooth support on the virtual machine and disable the 3D acceleration feature as temporary workarounds. It is important to update to the latest version to address the vulnerabilities. These flaws were previously demonstrated at the Pwn2Own hacking contest.
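To check which virtual machines still need the workarounds, the following added example (not from VMware or the original article) parses `.vmx` configuration text and compares an installed version against the fixed releases named above. The `.vmx` key names `usb.vbluetooth.startConnected` and `mks.enable3D` do not appear in this article and are assumptions here, as is treating an absent key as disabled; the sample file content is constructed.

```python
import re

# Assumed .vmx keys (not named in the article): Bluetooth sharing and 3D acceleration.
WORKAROUND_KEYS = {
    "usb.vbluetooth.startconnected": "Bluetooth sharing enabled",
    "mks.enable3d": "3D acceleration enabled",
}
# Fixed releases as stated in the article.
FIXED = {"workstation": (17, 5, 2), "fusion": (13, 5, 2)}

_LINE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$')


def parse_vmx(text):
    """Return a dict of lower-cased key -> value from .vmx text."""
    settings = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings


def workaround_gaps(text):
    """List the workaround settings that are still switched on in a .vmx file."""
    settings = parse_vmx(text)
    # Assumption: a key that is absent is treated as not enabled.
    return [msg for key, msg in WORKAROUND_KEYS.items()
            if settings.get(key, "").strip().upper() == "TRUE"]


def needs_update(product, version):
    """True if a 17.x Workstation / 13.x Fusion version is below the fixed release."""
    fixed = FIXED[product.lower()]
    # Expects a dotted numeric version such as "17.5.1".
    parts = tuple(int(p) for p in version.split(".")[:3])
    parts += (0,) * (3 - len(parts))
    return parts[0] == fixed[0] and parts < fixed


# Constructed sample .vmx content for illustration.
SAMPLE_VMX = '''\
.encoding = "UTF-8"
displayName = "lab-vm"
usb.vbluetooth.startConnected = "TRUE"
mks.enable3D = "TRUE"
'''

if __name__ == "__main__":
    print("lab-vm:", workaround_gaps(SAMPLE_VMX))
    print("Workstation 17.5.1 needs update:", needs_update("workstation", "17.5.1"))
```

The article lists no workaround for the HGFS information disclosure, so a clean result from `workaround_gaps` does not replace updating to the fixed version.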