The impact of this issue is high/important (CVSS score: 7.8). Please act as stated below to rectify the issue.
What you need to know:
VMware Fusion, VMRC for Mac and Horizon Client for Mac contain a privilege escalation vulnerability due to improper XPC Client validation. VMware has evaluated the severity of this issue to be Important with a maximum CVSSv3 base score of 7.8.
Users and administrators are encouraged to review VMware Security Advisory VMSA-2020-0017 and apply the necessary updates.
Actions to be taken:
To remediate CVE-2020-3973, apply the following patches (fixed versions) to the affected programs running on OS X:
Fusion 11.x – download fixed version 11.5.5 (https://www.vmware.com/go/downloadfusion)
VMRC for Mac 11.x and prior versions – download VMware Remote Console for Mac 11.2.0 (https://my.vmware.com/en/web/vmware/downloads/details?downloadGroup=VMRC1120&productId=974)
Horizon Client for Mac 5.x and prior versions – download VMware Horizon Client for Mac 5.4.3 (https://my.vmware.com/en/web/vmware/downloads/info/slug/desktop_end_user_computing/vmware_horizon_clients/5_0)
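A quick way to check a Mac against the fixed versions listed above, as an added example that is not part of the VMware advisory or of this notice. It assumes the default /Applications bundle names and that each bundle's CFBundleShortVersionString holds the product version; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the advisory): compare installed VMware Mac client
# versions with the fixed versions listed in this notice.
# Assumption: default /Applications bundle paths; adjust for custom installs.

# version_lt A B: succeed when dotted numeric version A is lower than B.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}          # a missing component counts as 0
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1                          # equal versions are not "lower"
}

# assess INSTALLED FIXED: print UPDATE-NEEDED or OK.
assess() {
    if version_lt "$1" "$2"; then echo "UPDATE-NEEDED"; else echo "OK"; fi
}

# bundle_version APP_PATH: print CFBundleShortVersionString, or nothing.
bundle_version() {
    plist="$1/Contents/Info.plist"
    [ -f "$plist" ] || return 0
    /usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' "$plist" 2>/dev/null || true
}

# audit: one line per product named in the notice.
audit() {
    while IFS='|' read -r app fixed; do
        ver=$(bundle_version "/Applications/$app.app")
        if [ -z "$ver" ]; then
            echo "$app: not installed"
        else
            echo "$app: $ver (fixed $fixed) $(assess "$ver" "$fixed")"
        fi
    done <<EOF
VMware Fusion|11.5.5
VMware Remote Console|11.2.0
VMware Horizon Client|5.4.3
EOF
}

audit
```

The notice lists only Fusion 11.x as affected; an older Fusion major is still reported as UPDATE-NEEDED because it is below the fixed version.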
What is the impact of not doing the actions?
Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC for Mac or Horizon Client for Mac is installed.