Mac computers are gaining in popularity. Heck, most of my friends have already switched over from the PC (I'm still a holdout), and for the most part, the Mac is seen as a more secure platform. At least, that's what that Mac guy on the TV commercial keeps telling me whenever he pokes a stick at PC, the pudgy comical character (sorry PC).
But even with all the cool bells and whistles that the Mac OS offers, a lot of folks still want access to their PC applications, so they run some form of virtualization on their Mac Intel machines -- whether that's Parallels, Sun/Oracle VirtualBox, or VMware Fusion. Each virtualization platform has their camp of supporters, and all of them seem to do the job.
[ Parallels' new Mac bundle is designed to help PC Windows users make the transition over to Mac OS X | Track the latest trends in virtualization in InfoWorld's Virtualization Report blog and newsletter | Find out about a VMware Fusion bug that breached the guest-host OS wall ]
But take note Fusion operators, VMware just announced in an advisory that there are two vulnerabilities affecting the kernel of the software with previous versions of VMware Fusion. The new patch build, version 2.0.6, fixes these issues. The first issue, a file permission problem in the vmx86 kernel extension, allows for executing arbitrary code in the host system kernel context. The second issue, an integer overflow vulnerability in the vmx86 kernel extension, allows for a DoS attack on the host. In either case, an attacker doesn't need to have host administrative privileges in order to target these security holes.
So if you are running a version of VMware Fusion prior to version 2.0.6, VMware is advising you to download the Fusion update from its Web site. Customers who have purchased and registered their Fusion product may also be able to receive a 12-month complimentary subscription to McAfee VirusScan Plus 2009.