VMware Fusion update fixes two holes

An update for VMware's Fusion software has patched two vulnerabilities that could allow a hacker to control or crash a user's computer.

Fusion allows VMware customers to run Windows applications on Intel-based Macs. The flaws affect all versions of the software running on Mac OS X prior to and including 2.0.5.

In an advisory published on Thursday, VMware warned that the two vulnerabilities affect the kernel of the software. One, a kernel code execution flaw, is caused by a file permission problem in the vmx86 kernel extension. The other, an integer overflow bug in the vmx86 kernel extension, could lead to a successful denial-of-service attack, the virtualization specialist said.

An attacker does not need administrative privileges to target these security holes.

VMware advised customers running the software on Mac OS X to download Fusion version 2.0.6 from VMware downloads. Customers may be entitled to a 12-month free subscription to McAfee VirusScan Plus 2009, depending on their version of Fusion. They should review their product release notes to verify whether they can get the free subscription, according to the advisory.

Talkback 0 comments

• Risk & Compliance Manager
• Advisory / Senior Consultant Security Governance , Risk & Compliance GBS
• Analyst / Consultant Security Governance Risk And compliance GBS
• Manager Risk Management, Compliance & Legal
• Compliance Information Security

TechGuides

A look at the Terminal Services Manager in Windows Server 2008

Terminal Services Manager has been around for a while, but Microsoft made some changes to the utility in Windows Server 2008. Here's what you'll find.

Read more »

Latest from Blog Central

Open source blog reloaded!

Read more »

Cutting-edge technology from premium sponsors

Brought to you by:

More Tech Showcases:

NetIQ Active Directory

Salesforce CRM

Cisco Collaboration