It wouldn’t be a day ending in Y if VMware didn’t release a patch that solved some major security bug.
From the other side of the fence, the software is extremely complicated. I’ve done work with emulators and I’m certain it was full of security bugs because your effort is focused on getting it working at all.
You might say it should be implemented in a memory safe systems language. I agree completely, but it costs too much to redevelop emulated hardware from scratch.
[This comment has been deleted by an automated system]
Wow, that’s a doozy, though. Remote access, low complexity and unauthenticated - and it grants remote code execution? Holy shit… I wonder what context the execution happens in (I’m guessing it’s bad if it’s being talked about as an emergency change)