10 new vulnerabilities discovered in vm virtualbox

Oracle has released a patch to fix ten vulnerabilities in VirtualBox that allow attackers to escape 'guest' operating systems and attack the host operating system that VirtualBox is running on.

VM VirtualBox solves your serious security problems

Exploits using this method, known as "virtual machine escape", have been the subject of intense interest by security experts after their disclosure in 2015.

The vulnerabilities are published as; CVE-2018-2676, CVE-2018-2685, CVE-2018-2686, CVE-2018-2687, CVE-2018-2688, CVE-2018-2689, CVE-2018-2690, CVE-2018-2693, CVE- 2018-2694, and CVE-2018-2698 . While they all share the same effect, the method involved - and subsequently the ease with which attackers can exploit the vulnerability - varies by type.

Anyone using VirtualBox is potentially vulnerable to the CVEs listed above, although some of the reported vulnerabilities are specific to the operating systems running on the host. Newly released patches are available in the latest version (5.2.6), as well as the old version (5.1.32).

The developers of this application recommend that all users who run code - unreliable - on guest VMs, update the application urgently.

Although VirtualBox is a popular general-purpose application, it is most commonly used for desktop virtualization. Compared to other apps, the Oracle application has more extensive and reliable support for non-commonly used guest operating systems, such as OS / 2 or Haiku. Support for the VirtualBox guest controller is also being integrated into the Linux kernel, starting with version 4.16.

They can be updated from the same application.

Source