VMware Fusion Vulnerability Let Attackers Escalate Privilege to Root
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
A high-severity privilege escalation vulnerability has been discovered in VMware Fusion, Broadcom\u2019s popular macOS<\/a> virtualization software, allowing local attackers to gain root-level access on affected systems.<\/p>\n Tracked as CVE-2026-41702, the flaw was privately reported to Broadcom and patched on May 14, 2026, under security advisory VMSA-2026-0003.<\/p>\n The vulnerability stems from a TOCTOU (Time-of-Check Time-of-Use) race condition that occurs during an operation performed by a SETUID binary within VMware Fusion.<\/p>\n TOCTOU flaws exploit the gap between when a program checks a resource\u2019s state and when it actually uses it, and an attacker can manipulate that window to inject malicious changes and hijack elevated operations.<\/p>\n Any user running VMware Fusion version 25H2 on macOS is affected. The attack requires only local, non-administrative user privileges, no admin rights, and no remote access needed.<\/p>\n A malicious actor already present on the machine, such as a low-privileged insider or a process running under a standard user account, could exploit this flaw to escalate privileges to root.<\/p>\n In shared macOS environments, development workstations, or enterprise endpoints running Fusion, even a limited foothold could translate into complete system compromise.<\/p>\n Broadcom confirmed that no workarounds exist<\/a> for CVE-2026-41702. The only remediation is to apply the available patch.<\/p>\n Users on VMware Fusion 25H2 must upgrade to version 26H1, where the fix has been applied. Broadcom credited Mathieu Farrell (@coiffeur0x90) for responsibly disclosing the vulnerability through private reporting.<\/p>\n Given the absence of mitigating controls, organizations and individual users relying on VMware Fusion should treat this as a priority update.<\/p>\n SETUID-related TOCTOU vulnerabilities are well-documented attack paths that threat actors and red teamers actively exploit<\/a> for local privilege escalation.<\/p>\n Security teams should audit systems running VMware Fusion and push the 26H1 update across all affected endpoints without delay.<\/p>\n With no workaround available, delayed patching leaves a direct root escalation path open on every unpatched macOS host.<\/p>\n Follow us on\u00a0Google News<\/a>,\u00a0LinkedIn<\/a>,\u00a0and\u00a0X<\/a>\u00a0to Get More Instant Updates.<\/strong><\/p>\n The post VMware Fusion Vulnerability Let Attackers Escalate Privilege to Root<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nVMware Fusion TOCTOU Vulnerability<\/strong><\/h2>\n
Patch Immediately<\/strong><\/h2>\n