https://safirsoft.com Under exploit: VMware vulnerability with severity rating of 9.8 out of 10

Code execution flaw in vCenter is exploited to install webshell on unpatched machines.

A VMware vulnerability with a severity rating of 9.8 out of 10 is under active exploitation. At least one reliable exploit has gone public, and there have been successful attempts in the wild to compromise servers that run the vulnerable software.

The vulnerability, tracked as CVE-2021-21985, resides in the vCenter Server, a tool for managing virtualization in large data centers. A VMware advisory published last week said vCenter machines using default configurations have a bug that, in many networks, allows for the execution of malicious code when the machines are reachable on a port that is exposed to the Internet.

Code execution, no authentication required

On Wednesday, a researcher published proof-of-concept code that exploits the flaw. A fellow researcher who asked not to be named said the exploit works reliably and that little additional work is needed to use the code for malicious purposes. It can be reproduced using five requests from cURL, a command-line tool that transfers data using HTTP, HTTPS, IMAP, and other common Internet protocols.

A separate researcher who tweeted about the published exploit told me he was able to modify it to gain remote code execution with a single click of a mouse.

Quick confirm that this is the real PoC of CVE-2021-21985
