Vulnerability Management

Broadcom patches high-severity VMware Fusion flaw allowing local privilege escalation

Signage is displayed outside the Broadcom offices on June 7, 2018, in San Jose, Calif. (Photo by Justin Sullivan/Getty Images)

According to Security Affairs, Broadcom has released a critical security update for VMware Fusion to address a high-severity vulnerability, identified as CVE-2026-41702. This flaw could permit local attackers to escalate their privileges to root on affected systems.

The vulnerability is a time-of-check time-of-use (TOCTOU) flaw affecting operations performed by a SETUID binary. A local attacker with non-administrative privileges can exploit this bug to gain root access on a system where VMware Fusion is installed. Successful exploitation allows attackers with limited access to achieve complete control over vulnerable machines, significantly increasing the risk from compromised user accounts or insider threats. TOCTOU vulnerabilities arise when a system checks a resource's state and then uses it without verifying that the state hasn't changed.

VMware Fusion is commonly used by developers, IT professionals, and security researchers on macOS. While this vulnerability requires local access and doesn't expose systems to direct remote compromise, privilege escalation remains a critical concern for attackers.

Source: Security Affairs

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds