This exploit leverages a directory traversal vulnerability in VMware Fusion's SUID binaries on macOS to achieve local privilege escalation. By creating a hard link to the SUID executable and manipulating the directory structure, the attacker can execute arbitrary code as root.
Classification
Working Poc 100%
Target:
VMware Fusion (versions 10.1.3, 11.0.0, 11.0.2, 11.5.0, 11.5.1)
No auth needed
Prerequisites:
VMware Fusion installed on macOS · VMware Fusion services not running · Unprivileged user access to the system