Jeffball

**Name of the Vulnerable Software and Affected Versions** VMware Fusion versions 11.x before 11.5.5 VMware Remote Console for Mac versions 11.x and prior VMware Horizon Client for Mac versions 5.x and prior **Description** The issue is related to insufficient access control in VMware products, allowing for local privilege escalation. Exploitation of this issue may enable an attacker to elevate their privileges to root level on the system. The vulnerability is due to a Time-of-check Time-of-use (TOCTOU) issue in the service opener. **Recommendations** For VMware Fusion versions 11.x before 11.5.5, update to version 11.5.5 or later. For VMware Remote Console for Mac versions 11.x and prior, update to a version later than 11.x. For VMware Horizon Client for Mac versions 5.x and prior, update to a version later than 5.x.

**Name of the Vulnerable Software and Affected Versions** VMware Fusion versions 11.x before 11.5.2 VMware Remote Console for Mac versions 11.x and prior before 11.0.1 Horizon Client for Mac versions 5.x and prior before 5.4.0 **Description** The issue is due to improper use of setuid binaries, which may allow attackers with normal user privileges to escalate their privileges to root on the system where the software is installed. Successful exploitation of this issue can lead to privilege escalation. **Recommendations** For VMware Fusion versions 11.x before 11.5.2, update to version 11.5.2 or later. For VMware Remote Console for Mac versions 11.x and prior before 11.0.1, update to version 11.0.1 or later. For Horizon Client for Mac versions 5.x and prior before 5.4.0, update to version 5.4.0 or later.