Virtual machines are an important piece of technology, since they provide full isolation between guest and host operating systems.
Oracle has released patches for ten vulnerabilities in VirtualBox that allow attackers to break out of guest operating systems and attack the host operating system that VirtualBox runs on.
Exploits using this method, known as a “virtual machine escape,” have been the subject of intense interest among security researchers following the disclosure of the Venom vulnerability in 2015.
These vulnerabilities were published as CVE-2018-2676, CVE-2018-2685, CVE-2018-2686, CVE-2018-2687, CVE-2018-2688, CVE-2018-2689, CVE-2018-2690, CVE-2018-2693, CVE-2018-2694, and CVE-2018-2698. Two are classified as High, and they represent a security risk for IT.
Shared memory interface vulnerability
CVE-2018-2698 is an interesting vulnerability. According to TechRepublic, “it was discovered by Niklas Baumstark, and reported by Beyond Security. This vulnerability exists in the core graphics framework of VirtualBox, and is exploitable on any host operating system. Specifically, the VGA device VirtualBox provides for guest operating systems is allocated VRAM, which is mirrored between the host process and guest kernel.”
According to Baumstark, this allows attackers to execute arbitrary operations on a Windows 10 host as SYSTEM.
VMM device communication breakout
TechRepublic adds:
Another VirtualBox component - vmmdev, the communications bridge between the host OS and the VirtualBox Guest Additions package - has a vulnerability that allows privilege escalation on Mac OS X hosts. This is covered by CVE-2018-2694.
Similarly, a vulnerability in the Guest Additions itself in CVE-2018-2693 allows attackers to gain access to the host platform. The notes in NVD indicate that, while this is easy to exploit, it requires actions to be taken by someone other than the attacker.
At this time, it is crucial for all system administrators to update their systems.
Pedro Tavares is a professional in the field of information security working as an Ethical Hacker/Pentester, Malware Researcher and also a Security Evangelist. He is also a founding member at CSIRT.UBI and Editor-in-Chief of the computer security blog seguranca-informatica.pt.
In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pentesting (Kali Linux), malware, exploitation, hacking, IoT and security in Active Directory networks. He is also a Freelance Writer (Infosec. Resources Institute and Cyber Defense Magazine) and developer of the 0xSI_f33d – a feed that compiles phishing and malware campaigns targeting Portuguese citizens.