Update March 28th 2019 – Release of VMware Security Advisory VMSA-2019-0005
Today VMware has released the following new security advisory:
VMSA-2019-0005 – VMware ESXi, Workstation and Fusion updates address multiple security issues
The advisory documents the remediation of the critical severity vulnerabilities which were demonstrated at Pwn2Own Vancouver 2019. These issues affect VMware ESXi, VMware Workstation and VMware Fusion, and may allow a guest to execute code on the host.
Customers should review the security advisory and direct any questions to VMware Support.
Update March 21st 2019
The Pwn2Own competition has finished for VMware. On Day 2 of Pwn2Own the Fluoroacetate team of Amat Cama and Richard Zhu again showed they could execute code on the VMware Workstation host from the guest. This issue differs from the issue which was demonstrated on Day 1. Having received the details we are currently investigating and are actively working on its remediation. We plan on publishing a VMware Security Advisory to provide information on updates for affected products.
Update March 20th 2019
On Day 1 of Pwn2Own the Fluoroacetate team of Amat Cama and Richard Zhu showed they could execute code on the VMware Workstation host from the guest. We are currently investigating the issue after having received the details. We are actively working on its remediation and we plan on publishing a VMware Security Advisory to provide information on updates for affected products.
We would like to thank the Pwn2Own organisers and the Fluoroacetate team for working with us to address the issue.
We wanted to post a quick acknowledgement that VMware will have representatives in attendance at Pwn2Own Vancouver 2019 to review any vulnerabilities that may be demonstrated during the security contest. Stay tuned for further updates.
As always please sign up for our VMware Security Advisories here for new and updated information.