The Pakistan Telecommunication Authority (PTA) has issued a Cyber Security Advisory highlighting the discovery of multiple zero-day vulnerabilities in VMware Workstation and Fusion software.
Identified as CVE-2024-22267, CVE-2024-22268, and CVE-2024-22269, these vulnerabilities pose severe security risks by allowing attackers to execute arbitrary code, trigger buffer overflows, and access sensitive information. Exploitation of these flaws could result in code execution, denial of service, and information disclosure.
According to the advisory, the vulnerabilities affect VMware Workstation 17.5.1 and VMware Fusion 13.5.1, with a high-risk buffer overflow attack vector identified. PTA has recommended users and administrators immediately upgrade to the latest versions of VMware Workstation and Fusion, which include patches for these vulnerabilities.
Users are also advised to avoid opening suspicious virtual machines or files that could be crafted to exploit these security gaps.
The advisory has urged organizations to test their systems for these vulnerabilities and apply necessary security patches or mitigation steps without delay. Implementing robust monitoring solutions to detect unusual activities or attempts to exploit these vulnerabilities is also recommended.
The advisory emphasizes the importance of establishing a proactive patch management process to ensure timely deployment of security updates across all software and systems. PTA advises educating users about the risks associated with zero-day vulnerabilities and the critical importance of keeping software up-to-date. In the event of a security incident, organizations are requested to report through the PTA CERT Portal and email.
Get the latest tech news, telecom insights, and product launches wherever you prefer.
Add ProPakistani to Preferred Sources and see more of our stories in Google Search and Top Stories.