VMware Fusion – a virtualization software product that allows computers running the Mac OS with Intel processors to simultaneously run another operating system – has been updated to address numerous bugs, along with some minor security issues.
According to the update notes from VMware, the newly released Fusion 3.1.2 resolves the following know security-related issues for machines running the software:
- The way temporary files are handled by the mounting process could result in a race condition. This issue could allow a local user on the host to elevate their privileges. Windows-based host systems are not affected.
- vmware-mount, which is a SUID binary, has a flaw in the way libraries are loaded. This issue could allow local users on the host to execute arbitrary shared object files with root privileges. Windows-based host systems are not affected.
- A vulnerability in the input validation of VMware Tools update allows for injection of commands. This issue could allow a user on the host to execute commands on the guest operating system with root privileges. The issue can only be exploited if VMware Tools is not fully up-to-date. Windows-based virtual machines are not affected.
Mac security specialist Intego, in a recent blog posting, said the Fusion security fixes were not critical. The firm, however, did recommend updating to version 3.1.2 as soon as possible, as the update resolves more than 50 known bugs.
The update, Intego noted, can be installed using the program’s built-in auto-update facility.