Article 6K522 VMware sandbox escape bugs are so critical, patches are released for end-of-life products

VMware sandbox escape bugs are so critical, patches are released for end-of-life products

by
Dan Goodin
from Ars Technica - All content on (#6K522)
cloud-computing-800x534.jpeg

Enlarge (credit: Getty Images)

VMware is urging customers to patch critical vulnerabilities that make it possible for hackers to break out of sandbox and hypervisor protections in all versions, including out-of-support ones, of VMware ESXi, Workstation, Fusion, and Cloud Foundation products.

A constellation of four vulnerabilities-two carrying severity ratings of 9.3 out of a possible 10-are serious because they undermine the fundamental purpose of the VMware products, which is to run sensitive operations inside a virtual machine that's segmented from the host machine. VMware officials said that the prospect of a hypervisor escape warranted an immediate response under the company's IT Infrastructure Library, a process usually abbreviated as ITIL.

Emergency change"

In ITIL terms, this situation qualifies as an emergency change, necessitating prompt action from your organization," the officials wrote in a post. However, the appropriate security response varies depending on specific circumstances."

Read 8 remaining paragraphs | Comments

External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments