VMware remote access tool gets three critical fixes, so update now
Remote access tools are one of the most popular ways for cybercriminals to penetrate endpoints and deliver malware, and another popular service has now been affected.
VMware has released a major update to its Workspace ONE Assist tool, which fixes three very serious bugs that it claims are now being exploited.
The flaws are elevation of privilege vulnerabilities, which allow threat actors to bypass authentication and log into the app as an administrator. They are tracked as CVE-2022-31685 (Authentication Bypass), CVE-2022-31686 (Broken Authentication Method), and CVE-2022-31687 (Broken Authentication Check). They all have a severity score of 9.8.
Low complexity attacks
According to the company, hackers can exploit the flaws without any intervention from the victim. It described possible attacks as “low complexity”.
“A malicious actor with network access to Workspace ONE Assist could potentially gain administrative access without having to authenticate to the application,” VMware said.
That said, if you’re a Windows user, you’ll need to bring your Workspace ONE Assist to version 22.10 (89993) to avoid disaster.
VMware’s cumulative update also fixes a number of other bugs, including CVE-2022-31688 (cross-site scripting error) and CVE-2022-31689 (authentication after getting a valid session token error).
Cyber criminals often use remote access tools in their attacks and combine them with phishing emails, malicious landing pages and fraudulent advertisements for maximum effect.
The most common type of attack starts with a redirect to a malicious landing page that warns the victim that their computer is infected with viruses and needs urgent help from a professional. Such landing pages contain phone numbers that victims can call to get “help”. The fraudsters on the other end of the line then trick victims into downloading legitimate remote access software, which they use to gain direct control over the target device.
Via: BleepingComputer