Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

VMware fixes two "key" loopholes for which experts receive a reward of $80,000

2025-03-31 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > IT Information >

Share

Shulou(Shulou.com)11/24 Report--

CTOnews.com, April 26, VMWare released a security update today to fix two "critical" zero-day vulnerabilities. These two vulnerabilities are exploited by attackers to allow Workstation and Fusion software to run arbitrary code.

These two zero-day vulnerabilities were discovered by the STAR Labs security team, who publicly demonstrated them at the Pwn2Own Vancouver 2023 hacker contest a month ago.

According to industry rules, security experts have 90 days to fix both vulnerabilities before they are fully disclosed.

Two vulnerability information is attached to CTOnews.com as follows:

The first vulnerability, numbered CVE-2023-20869, exists in Bluetooth device sharing and is a stack-based buffer overflow vulnerability that allows local attackers to execute code while running the virtual machine's VMX process on the host.

The second vulnerability, numbered CVE-2023-20870, also exists in the Bluetooth device function where malicious actors can read privileged information contained in the hypervisor memory from VM.

The STAR Labs security team won a reward of $80000 and eight Master of Pwn points for discovering these two vulnerabilities.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

IT Information

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report