CVE-2024-38811

Name of the Vulnerable Software and Affected Versions: VMware Fusion versions 13.x before 13.6

Description: The issue is related to insufficient input validation, allowing an attacker to execute arbitrary code in the context of the Fusion application. A malicious actor with standard user privileges may exploit this vulnerability to execute code within Fusion. The root cause is an insecure environment variable.

Recommendations: Update VMware Fusion to version 13.6 on all macOS systems immediately.