On Friday, 9/15/2017, VMware released patches for the ESXi Server, Workstation, and Fusion (Apple) hypervisors. The most serious issue, an out-of-bounds write vulnerability, exists in ESXi and in the desktop hypervisors Workstation and Fusion. An attacker could exploit the issue, which exists in the SVGA device, to execute code on the host OS. This affects ESXi version 6.5, Workstation version 12.X, and Fusion version 8.X.
This is a serious problem, and one of the reasons that privacy advocates do not put stuff on public cloud servers. As stated many times before: do not put stuff in the public cloud that you can’t afford to have lost or exploited.
Another bug was fixed in VMware’s vCenter Server, used in vSphere environments. This fix addresses an XSS (cross-site scripting) vulnerability in the HTML5 client. The bug exists in version 6.5 of vCenter Server, and users should update to version 6.5 U1.
The VMware Security Advisory can be found here.