Broadcom has released updates addressing a high-severity vulnerability impacting VMware Fusion 13.x software hypervisor instances used for the concurrent operation of other operating systems in macOS, which could be leveraged for arbitrary code execution, reports SC Media.
Cybersecurity experts said immediate remediation of the issue, tracked as CVE-2024-38811, was crucial as potential exploitation, even without escalated privileges, could compromise not only the host system but also the running virtual machines.
ColorTokens Field Chief Technology Officer Venky Raju noted that potential compromise of SSH keys and API credentials in virtual machines used in the development process could occur. Such compromise risk across development and testing environments was also noted by SlashNext Field Chief Technology Officer Stephen Kowsky.
"To mitigate such threats, organizations should implement robust endpoint detection and response systems, employ advanced email security measures to prevent initial compromise, and maintain a proactive patching strategy," said Kowsky.