• darvocet@infosec.pub
    link
    fedilink
    arrow-up
    6
    arrow-down
    2
    ·
    1 year ago

    It wouldn’t be a day ending in Y if VMware didn’t release a patch that solved some major security bug.

    • henfredemars@infosec.pub
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      From the other side of the fence, the software is extremely complicated. I’ve done work with emulators and I’m certain it was full of security bugs because your effort is focused on getting it working at all.

      You might say it should be implemented in a memory safe systems language. I agree completely, but it costs too much to redevelop emulated hardware from scratch.

  • flambonkscious@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Wow, that’s a doozy, though. Remote access, low complexity and unauthenticated - and it grants remote code execution? Holy shit… I wonder what context the execution happens in (I’m guessing it’s bad if it’s being talked about as an emergency change)