Malicious code in VMs can leap over ESXi, Workstation, Fusion hypervisor security
Get busy, VMware admins and users: the virtualisation virtuoso has patched a programming blunder in ESXi, Workstation Pro and Player, and Fusion and Fusion Pro products that can be exploited by malicious code to jump from guest OS to host machine. The bug, disclosed here, is designated CVE-2018-6974. The out-of-bounds read is present in the products' SVGA video device emulation, and if exploited, allows software within a guest operating system to execute code on the host machine. In other words,...