VMware last week issued a security update for its Workstation and Fusion virtual network devices, patching a critical integer overflow vulnerability that, if exploited, could allow unauthorized guests to execute code on the host.
Designated CVE-2018-6983, the hypervisor vulnerability is fixed in versions 14.1.5 and 15.0.2 of Workstation Pro and Workstation Player, and versions 10.1.5 and 11.0.2 of Fusion and Fusion Pro.
In a Nov. 22 company security advisory, VMware said that researcher Tianwen Tang of the Qihoo 360 Vulcan Team uncovered the bug while participating in the Tianfu Cup 2018 International Pwn Contest.