VMware Fusion update fixes two holes

The software, which allows Windows apps to run on Macs, has flaws that could allow an attacker to hack into a user's system or cause a malfunction
Written by Tom Espiner, Contributor

An update for VMware's Fusion software has patched two vulnerabilities that could allow a hacker to control or crash a user's computer.

Fusion allows VMware customers to run Windows applications on Intel-based Macs. The flaws affect all versions of the software running on Mac OS X prior to and including 2.0.5.

In an advisory published on Thursday, VMware warned that the two vulnerabilities affect the kernel of the software. One, a kernel code execution flaw, is caused by a file permission problem in the vmx86 kernel extension. The other, an integer overflow bug in the vmx86 kernel extension, could lead to a successful denial-of-service attack, the virtualisation specialist said.

An attacker does not need administrative privileges to target these security holes.

VMware advised customers running the software on Mac OS X to download Fusion version 2.0.6 from VMware downloads. Customers may be entitled to a 12-month free subscription to McAfee VirusScan Plus 2009, depending on their version of Fusion. They should review their product release notes to verify whether they can get the free subscription, according to the advisory.

Editorial standards