PT-2023-6346 · Vmware · Vmware Fusion

Patch1T

Published: 2023-10-20 · Updated: 2025-03-07 · CVE-2023-34046

CVSS v3.1: 7.0 (High)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

VMware Fusion versions 13.x prior to 13.5

Description

VMware Fusion contains a Time-of-check Time-of-use (TOCTOU) vulnerability. A malicious actor with local non-administrative user privileges can exploit it to escalate privileges to root on the system where Fusion is installed or being installed for the first time. The vulnerability is exposed during the initial installation of VMware Fusion, when the user needs to drag or copy the application to a folder from the '.dmg' volume, or when installing an upgrade.

Recommendations

For versions 13.x prior to 13.5, update to version 13.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the system during the installation process to minimize the risk of exploitation.

Fix

Time Of Check To Time Of Use

Weakness Enumeration

Related Identifiers

BDU:2023-07058
CVE-2023-34046

Affected Products

Vmware Fusion