Today VMware has released the following new security advisory:

VMSA-2016-0017 – VMware product updates address multiple information disclosure issues”

This addresses multiple information disclosure issues (CVE-2016-5328) in VMware Tools (versions 9.x and 10.x) running on Mac OS X VMs and (CVE-2016-5329) in VMware Fusion (versions 8.x).

Successful exploitation of these issues may allow a privileged local user on a system where System Integrity Protection (SIP) is enabled, to obtain kernel memory addresses to bypass the kASLR protection mechanism. SIP is default enabled in the latest versions of Mac OS X.

VMware would like to thank Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent for reporting these issues to us.

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.

Customers should review the security advisories and direct any questions to VMware Support.