VMware closes severe and "root"-rated security flaw on macOS


Whatever you do with VMware products on macOS, it is time for a security update: the vendor has reported a serious security flaw affecting several of them.

Tracked as CVE-2020-3974, the flaw is a privilege escalation vulnerability affecting VMware Fusion (Pro), VMware Remote Console (VMRC) for Mac and the VMware Horizon Client for Mac, and VMware has announced fixes for it. The issue was privately reported to VMware and is caused by improper XPC client validation. So whether you virtualize other operating systems on your Mac workstation, access your virtual desktop through VMware Horizon or just look after your vSphere environment using the Remote Console, your pointer should be on the "Update" button.

VMware itself has rated this issue in the "Important" severity range with a maximum CVSSv3 base score of 7.8, which is, as you see, quite high. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on systems where Fusion, VMRC for Mac or Horizon Client for Mac is installed.

[Image: VMware Response Matrix]

So far, there are no known workarounds for this issue, so be sure to update your systems to the latest builds of the affected software components. These are VMware Fusion 11.5.5, VMware Remote Console for Mac 11.2.0 and VMware Horizon Client for Mac 5.4.3.
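
Since updating is the only remedy, a quick way to find Macs still running an older build is to compare each installed version against the fixed releases listed above. The script below is an added example, not VMware tooling; the bundle paths under /Applications and the use of the `CFBundleShortVersionString` key are assumptions about a default installation.

```shell
#!/bin/sh
# Added example, not VMware tooling. Fixed versions come from the article;
# bundle paths and the Info.plist key are assumed defaults.

# version_lt A B: true when dotted version A is older than B (numeric per field).
version_lt() {
    _a=$1; _b=$2
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _x=${_a%%.*}; _y=${_b%%.*}
        case $_a in *.*) _a=${_a#*.} ;; *) _a= ;; esac
        case $_b in *.*) _b=${_b#*.} ;; *) _b= ;; esac
        _x=${_x%%[!0-9]*}; _y=${_y%%[!0-9]*}   # ignore suffixes such as "-beta"
        [ "${_x:-0}" -lt "${_y:-0}" ] && return 0
        [ "${_x:-0}" -gt "${_y:-0}" ] && return 1
    done
    return 1
}

# classify INSTALLED FIXED: prints the verdict for one product.
classify() {
    if [ -z "$1" ]; then echo "UNKNOWN"
    elif version_lt "$1" "$2"; then echo "VULNERABLE"
    else echo "OK"
    fi
}

# installed_version APP_BUNDLE: prints the bundle's version string (macOS only).
installed_version() {
    /usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' \
        "$1/Contents/Info.plist" 2>/dev/null
}

audit() {
    # name|assumed default bundle path|first fixed version (from the article)
    while IFS='|' read -r name app fixed; do
        if [ ! -d "$app" ]; then
            echo "$name: not installed at $app"
            continue
        fi
        ver=$(installed_version "$app")
        echo "$name: installed=${ver:-?} fixed=$fixed -> $(classify "$ver" "$fixed")"
    done <<EOF
VMware Fusion|/Applications/VMware Fusion.app|11.5.5
VMware Remote Console|/Applications/VMware Remote Console.app|11.2.0
VMware Horizon Client|/Applications/VMware Horizon Client.app|5.4.3
EOF
}

audit
```

Fields are compared numerically, so a version such as 5.10.0 is correctly treated as newer than 5.4.3.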