Update now: Critical flaw in VMWare Fusion and VMWare Workstation

Four vulnerabilities in virtualisation software have been fixed by VMware, including two which were exploited at the 20223 Pwn2Own contest. Three have been given the severity rating “Important”, with the last (CVE-2023-20869) is classed as “Critical”.

Success! @starlabs_sg used an uninitialized variable and UAF against VMWare Workstation. They earn $80,000 and 8 Master of Pwn points, pushing the prize total for #P2OVancouver past $1,000,000. #Pwn2Own pic.twitter.com/DEjgYcmphH

— Zero Day Initiative (@thezdi) March 24, 2023

The four …

contest critical critical flaw cve exploited flaw fusion important initiative march master pwn2own severity software twitter uaf update update now variable virtualisation vmware vmware workstation vulnerabilities workstation zero day initiative