Windows bugs an unwelcome guest on Macs
Mac users who run Windows applications through virtualization software could now be at risk from Windows-based security problems. A bug in several programs from VMWare allows the guest operating system (Windows) to run code on the host system (Mac OS), contrary to the intentions of such setups.
VMWare, one of the leading firms in the virtualization market, has patched all affected products, which include all editions of VMWare Fusion released before April 10 this year. Users should immediately download the latest edition at http://www.vmware.com/download/fusion/. There’s a full list of the affected software and the necessary solutions at http://www.vmware.com/security/advisories/VMSA-2009-0006.html
The bug was discovered by Kostya Kortchinsky of security firm Immunity Inc. He’s created a demonstration which shows Windows XP (running as a guest system) opening up the calculator in Vista (running as the host system). While that may seem fairly innocent, it’s a major breach that could allow a security bug to ‘jump systems’.
Kortchinsky has not yet created a demonstration of the bug working on a Mac system running Windows as the host, but insists the bug would allow such activity. He also says the issue could affect Linux, both as a host and a guest system.
The bug involves the way the virtualization software is able to display the guest system on the host. It means any malicious software running on the guest system will also have the ability to read and write memory on the host, bypassing some of that system’s built-in security measures.
Sales of virtualization software are reportedly going through a steep rise. That’s likely through users switching from Windows to Macs but wanting to continue to use some Windows applications, particularly in the case of corporate users who have outstanding licenses for those applications.
Related Posts:
