VMware Fusion 11.5.12 and prior are vulnerable to an elevation of privilege vulnerability. For more details please review the advisory and proof of concept on my Github page CVE-2020-3950.sh. VMware released a the patch last week and a public advisory VMSA-2020-0005 today however it has been determined that the patch does not properly fix the vulnerability. I reached out to the VMware security team and received a response at 10:31 UTC 2020-03-18 – “We are aware of the situation and working on the next steps”.

I also learned today that Jeff Ball at GRIMM also independently discovered and reported the vulnerability to VMware.  This is a first for me. Make sure to read their excellent detailed write-up https://blog.grimm-co.com/post/analyzing-suid-binaries/. You can also follow the thread on Twitter.

Related Articles