Number: AV17-087
Date: 22 June 2017
Purpose
The purpose of this advisory is to bring attention to a security update released by VMware.
Assessment
VMware has released a security update for Horizon View Client for Mac to address a command injection vulnerability. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on the Mac OSX system where the client is installed.
Affected Product:
VMware Horizon View Client (Mac OSX) versions prior to 4.5
CVE Reference: CVE-2017-4918
Suggested Action
CCIRC recommends that system administrators test and deploy the vendor released updates on affected platforms accordingly.
References:
https://www.vmware.com/security/advisories/VMSA-2017-0011.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4918