VMware Patches Workstation Flaw Disclosed at Hacking Contest
VMware Fixes Vulnerability That Earned Researcher $100,000 at Hacking Contest
VMware has patched a vital Workstation and Fusion vulnerability disclosed just lately by way of a researcher at a hacking pageant in China.
The safety hollow, tracked as CVE-2018-6983, was once demonstrated ultimate week by way of Tianwen Tang of Qihoo 360’s Vulcan Team at the Tianfu Cup PWN pageant. The white hat hacker earned $100,000 for his paintings.
It’s value noting that contributors won over $1 million for 30 vulnerabilities disclosed at the Tianfu Cup match, together with $120,000 for 2 Oracle VirtualField exploit chains.
The flaw affecting VMware Workstation and Fusion has been described as an integer overflow malicious program affecting digital community units. Exploiting this weak spot can permit a visitor to execute arbitrary code at the host.
The vulnerability impacts Workstation 14.x and 15.x on any platform, and Fusion 10.x and 11.x on macOS. Patches were launched for each and every of the impacted variations on November 22, lower than every week after disclosure.
VMware knowledgeable shoppers ahead of the beginning of the hacking pageant that it had despatched representatives to the development to check any vulnerabilities that can be demonstrated.
This isn’t the primary vulnerability patched by way of VMware this month after it was once disclosed at a hacking pageant in China. On November nine, the corporate notified shoppers of fixes for a vital digital system (VM) get away vulnerability offered by way of a researcher in past due October at the GeekPwn2018 pageant.