Today, VMware has released the following new security advisory:
“VMSA-2017-0011 – Horizon View Client update addresses a command injection vulnerability”
This documents an important severity command injection vulnerability (CVE-2017-4918) in the service startup script that affects VMware Horizon View Client for Mac (versions 2.x, 3.x and 4.x ).
Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on the Mac OS X system where the client is installed.
VMware Horizon View Client for Mac 4.5.0 fixes this issue.
We would like to thank Florian Bogner from Kapsch BusinessCom AG for reporting this issue to us.
Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.
Customers should review the security advisories and direct any questions to VMware Support.