VMware has released an update to address a privilege escalation flaw in VMware for the macOS version of Fusion that was introduced by a previous patch.
In March, VMware patched a high-severity privilege escalation vulnerability (CVE-2020-3950) in Fusion, Remote Console (VMRC) and Horizon Client for Mac.
The CVE-2020-3950 is a privilege escalation vulnerability caused by the improper use of setuid binaries, it could be exploited by attackers to escalate privileges to root.
The flaw was reported by Jeffball of GRIMM and Rich Mirch, VMware assigned it a CVSSv3 base score of 7.3 and rated it as Important severity. The issue impacts Fusion (11.x before 11.5.2), Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) macOS apps.
Mirch and Jeffball, immediately noted that the patch issued by VMware was incomplete, VMware confirmed it a few days later and released a new patch at the end of March. Unfortunately the new fix introduced a new security issue.
The vulnerability introduced by the second patch, tracked as CVE-2020-3957, is a time-of-check time-of-use (TOCTOU) issue that could allow attackers with low permissions to execute arbitrary code with root privileges.
Last week, the company releases version 11.5.5, but the issue for VMRC and Horizon Client for Mac are yet to be approved.
(SecurityAffairs – Fusion, cybersecurity)
