On May 3 VMware released a security update, which the company itself describes as “accelerated”, to patch five “critical” security issues across the VMware ESX and ESXi hypervisors, versions 3.5, 4.0, 4.1 and 5.0, as well as two of its client products, VMware Workstation and Player.
As reported in the Security Note, this update is connected to the source code leak announced on April 24.
Although VMware has not released any details about the leak so far, ThreatPost, run by Kaspersky Lab, identifies “Hardcore Charlie” as the hacker claiming to have stolen 300 megabytes of VMware source code from the military contractor China National Import & Export Corp (CEIEC).
Although VMware mentions the event in the note, it does not indicate any link between the discovered vulnerabilities and the stolen code, merely presenting the update as a normal security procedure.
1. Are these software patches related to source code associated with the April 23rd incident?
VMware has consistently provided software updates and patches to help customers maintain the most reliable and secure environment. In light of the current circumstances, we have accelerated our most recent security patches and applied them to all affected currently supported products.