Broadcom has released updates addressing a high-severity vulnerability impacting VMware Fusion 13.x software hypervisor instances used for the concurrent operation of other operating systems in macOS, which could be leveraged for arbitrary code execution, reports SC Media.
Immediate remediation of the issue, tracked as CVE-2024-38811, was regarded by cybersecurity experts to be crucial as potential exploitation even without escalated privileges could compromise not only the host system but also the running virtual machines, with ColorTokens Field Chief Technology Officer Venky Raju noting potential compromise of SSH keys and API credentials in virtual machines used in the development process. Such compromise risk across development and testing environments was also noted by SlashNext Field Chief Technology Officer Stephen Kowsky.
"To mitigate such threats, organizations should implement robust endpoint detection and response systems, employ advanced email security measures to prevent initial compromise, and maintain a proactive patching strategy," said Kowsky.