Security Hero Rotating Header Image

Mac Exploit Enters System Through VMWare

Mac Exploit Enters System Through VMWare

A bug in VMware’s Fusion virtualization software could be used to run malicious code on a Mac by exploiting Windows in a virtual machine, a security researcher said last week. VMware has released Fusion 2.0.4 to plug the hole.

According to Kostya Kortchinsky, an exploit researcher at Immunity Inc., a critical vulnerability in VMware’s virtual machine display function can be used to read and write memory on the “host” operating system — the OS running the physical hardware.

Kortchinsky crafted an exploit for Immunity’s customers — the Miami-based company is best-known for its Canvas penetration testing tool — and posted a video clip that demonstrates an attack on a machine running Windows Vista Service Pack 1 (SP1) as the host operating system, and Windows XP as the “guest,” the OS running in a virtual machine.


Leave a Reply

Your email address will not be published. Required fields are marked *