At the recent Pwn2Own hacking contest in Berlin, Broadcom's cybersecurity team confirmed three successful attacks on the VMware hypervisor, marking a significant breach. Nguyen Hoang Thach was the first to exploit VMware ESXi, using a single integer overflow exploit. Subsequently, Corentin Bayet also exploited ESXi, and later Thomas Bouzerar, alongside Etienne Helluy-Lafont, exploited VMware Workstation. Broadcom is currently working on remediation and plans to publish a VMware Security Advisory; however, its strategy could create support gaps for users with expired contracts.
"This is the first time VMware ESXi was exploited in the Pwn2Own hacking event," Praveen Singh and Monty Ijzerman, from the product security and incident response team in the VMware Cloud Foundation division of Broadcom, wrote on the company's website.
"This was the first time in Pwn2Own's history, stretching back to 2007, that the hypervisor has been successfully exploited," he wrote, adding that the hacker was able to deploy a single integer overflow exploit.
"We plan to publish a VMware Security Advisory to provide information on updates for the affected products," they said.
...some VMware users with gaps in their security, especially if their support contract is up for renewal.