Indian cyber agency warns about multiple bugs in VMware products
The Indian Computer Emergency Response Team (CERT-In) has issued fresh alerts for users, this time about multiple vulnerabilities being reported in the products of enterprise cloud services provider VMware.
New Delhi, July 19 (IANS) The Indian Computer Emergency Response Team (CERT-In) has issued fresh alerts for users, this time about multiple vulnerabilities being reported in the products of enterprise cloud services provider VMware.
CERT-In found bugs in VMware ESXi and Cloud Foundation, which could be exploited by an attacker to gain access to sensitive information.
"These vulnerabilities exist in VMware ESXi and Cloud Foundation due to the Intel and AMD processors it utilises. An attacker with administrative access to a virtual machine could exploit these vulnerabilities by taking advantage of various side-channel CPU flaws," the cyber agency warned.
Successful exploitation of these vulnerabilities could allow an attacker to gain access to sensitive information stored in physical memory about the hypervisor or other virtual machines that reside on the same ESXi host, it added.
The other 'Branch Type Confusion' vulnerability can help attacker with administrative access to a virtual machine take advantage of various side-channel CPU flaws.
The cyber agency has suggested users to apply appropriate updates as provided by the company.
In May, chip and software maker Broadcom announced to acquire VMware in a cash-and-stock deal valued at $61 billion.
CERT-In also reported fresh bugs in Adobe Photoshop and Acrobat that could allow an attacker to execute arbitrary code and obtain sensitive information on the targeted system.
"These vulnerabilities exist in Adobe Photoshop due to access to an uninitialized pointer and use-after-free error. An attacker could exploit these vulnerabilities by persuading a victim to open a specially-crafted document on the targeted system," said the cyber agency.