Security & Privacy + Software & Apps

We recently reported on a vulnerability affecting VMware Fusion, whereby “A critical vulnerability in the virtual machine display function might allow a guest operating system to run code on the host.” Macworld’s Rob Griffiths has looked into this, and paints a frightening picture. This flaw allows code run in a guest operating system (for example, Windows that you run on your Mac in Fusion) to affect the host (your Mac). A security researcher has made a video demonstrating this, showing how one version of Windows run in virtualization can cause a host version of Windows to perform actions.

For now, there are no exploits – either in the wild or proof of concept – that can exploit this vulnerability on Macs. But the mere ability of this to happen adds new risks to Mac users. In the past, Mac users thought there was a Chinese wall between Mac OS X and Windows, when they run it in virtualization. This flaw proves that the wall is porous, and that Mac users need to be very careful when running Windows in any form. VMware has updated Fusion, and all Mac users should download that update and install it immediately. But if one vulnerability can be found that can jump through this wall, you can be sure that others will be found as well.