Virtualbox : a zer0-day exploit

[labbe5]

Saint Petersburg-based researcher Sergey Zelenyuk has found a chain of bugs that can allow malicious code to escape the VirtualBox virtual machine (the guest OS) and execute on the underlying (host) operating system.

Many have expressed concerns that malware authors may embed the zero-day's exploit chain inside malware strains that will then be able to escape VirtualBox VMs and infect the researcher's main operating systems with malware, as payback.

Today's zero-day disclosure is also the second virtual machine escape that Zelenyuk has discovered affecting VirtualBox. He found and reported a similar issue in mid-2017, which Oracle took over 15 months to fix.

This lengthy and drawn-out patching process appears to have angered Zelenyuk, who instead of reporting this bug to Oracle, has decided to publish details online without notifying the vendor.
Source : https://www.zdnet.com/article/virtualbo ... esearcher/