Earlier this week, VMware announced fixes for multiple critical vulnerabilities in products such as VMware ESXi, Workstation and Fusion, most of them reported during last year's Tianfu Cup ethical hacking summit in China.
During the event, the work of the Kunlun Lab hacking team stood out; the team won rewards of more than $650,000 USD for demonstrating the exploitation of some of these flaws.
Below is a brief description of the flaws addressed, according to a company report:
The firm has also announced workarounds for administrators who cannot update their deployments at the moment, and recommends that clients apply the measures they consider necessary as soon as possible, since successful exploitation of these flaws could result in catastrophic scenarios.
Finally, VMware mentioned that these flaws were reported to the Chinese government, in compliance with a recently enacted law stating that Chinese researchers who find zero-day vulnerabilities must notify government agencies and the manufacturers of the affected technology directly. Researchers will not be able to sell this information to third parties outside of China that are unrelated to the manufacturer/developer.