CVE-2024-38811, a critical vulnerability in VMWare Fusion, allows users to execute code with standard privileges due to an insecure environment variable.
The vulnerability has a CVSSv3 base score of 8.8, underscoring its critical potential impact and the urgency for users to update their virtualization software.
Ransomware actors have leveraged VMWare products for initial access and digital extortion, with the new Cicada3301 variant exploiting VMWare ESXi vulnerabilities.
Following the report from Mykola Grymalyuk of RIPEDA Consulting, VMWare has released a patched version of the affected software to mitigate this vulnerability.
[
Collection
]
[
|
...
]