VMware patches virtualisation bugs – Naked Security


Virtualisation company VMware patched two bugs this week that affected a large proportion of its client-side virtual machines (VMs).

VMware made its name offering server virtualisation products that recreate server hardware in software, allowing admins to run many virtual servers on the same physical box at once. Most ‘type one’ server hypervisors, including VMware’s, run directly on the bare metal rather than on top of an installed operating system.

The company also has another strand to its business, though: ‘type two’ hypervisors that enable people to run guest operating systems in virtual machines (VMs) on their client devices, too. These let you run Windows or Linux on a Mac, for example. They work differently, running on top of the client operating system as applications, meaning that you don’t have to replace your core operating system to run VMs.

Finally, its desktop virtualisation system, called Horizon, puts the whole desktop environment on a server so that users can access it from anywhere.

Between them, these bugs affect all of these products in some way. CVE-2020-3950, which VMware rates at a CVSS v3 score of 7.3, affects version 11 of Fusion, its type-two hypervisor for Macs. It’s a privilege elevation vulnerability stemming from the improper use of setuid binaries (setuid is a *nix file permission that lets users run certain programs with the elevated privileges of the file’s owner). It also affects two other programs for the Mac: versions 5 and earlier of the Horizon client, which lets Mac users log into virtual Horizon desktops, and versions 11 and earlier of the Virtual Machine Remote Console, which lets Mac users access remote virtual machines.