VMware flaws can be abused without user interaction, allowing threat actors elevated privileges.
Remote access tools are one of the most popular ways cybercriminals can compromise endpoints (opens in new tab) and deliver malware, and another popular service has now been affected.
VMware has released an important update for its Workspace ONE Assist tool, fixing three high-severity flaws that it says are being exploited now.
The flaws are elevation-of-privilege vulnerabilities, allowing threat actors to bypass authentication and log into the app as administrators. They are being tracked as CVE-2022-31685 (authentication bypass), CVE-202231686 (broken authentication method), and CVE-2022-31687 (broken authentication control).
