Search This Blog

Showing posts with label Local privilege escalation vulnerability. Show all posts

Privilege escalation vulnerability in VMware Workstatation and Player fixed

VMware, one of the popular virtual machine software, has issued security update for VMware Workstation and VMware Player patches a vulnerability(CVE-2013-5972) that could result in an escalation of privilege on Linux-based host machines.

"VMware Workstation and VMware Player contain a vulnerability in the handling of shared libraries. " the Security advisory reads.

The vulnerability allows a local attacker to escalate the privilege to root in the host OS.  The security flaw doesn't allow an attacker for privilege escalation from the Guest Operating System to the host or vice-versa.

VMware workstation 9.x versions and VMPlayer 6.x versions on Linux host machines are affected by this vulnerability.

Users are recommended to apply the patch.  Download the latest versions from here: 1https://www.vmware.com/go/downloadworkstation , 2.https://www.vmware.com/go/downloadplayer

Security Alert: Linux Kernel Privilege escalation exploit affects Android platform


Android Operating System is based on the Linux, means the vulnerabilities affecting Linux kernel have the possibility of being exploited in the Android platform.

It appears the recently discovered Linux local kernel privilege escalation vulnerability (CVE-2013-2094) is affecting the Android operating system.

According to Symantec researchers, the exploit for the kernel vulnerability has now been modified to work on Android platform. The security flaw allows hacker to gain complete control of the infected devices.

The researchers have warned that malware will take advantage of this exploit to access data from other apps, prevent users from uninstalling the malware, and allows them to send premium rate SMS.

We are not sure how much time Google will take to patch the bug. So, users are advised to download the apps only from trusted marketplaces.