New VMware Security Advisory VMSA-2016-0017

New VMware Security Advisory VMSA-2016-0017

This post was originally published on this site ---

--- This is a critical security advisory from VMware (VMSA) ---

Today VMware has released the following new security advisory:

VMSA-2016-0017 – VMware product updates address multiple information disclosure issues”

This addresses multiple information disclosure issues (CVE-2016-5328) in VMware Tools (versions 9.x and 10.x) running on Mac OS X VMs and (CVE-2016-5329) in VMware Fusion (versions 8.x).

Successful exploitation of these issues may allow a privileged local user on a system where System Integrity Protection (SIP) is enabled, to obtain kernel memory addresses to bypass the kASLR protection mechanism. SIP is default enabled in the latest versions of Mac OS X.

VMware would like to thank Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent for reporting these issues to us.

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.

Customers should review the security advisories and direct any questions to VMware Support.

The post New VMware Security Advisory VMSA-2016-0017 appeared first on VMware Security & Compliance Blog.

Leave a Reply

Your email address will not be published. Required fields are marked *