India’s cyber agency warns of more flaws in VMware products
The Indian Computer Emergency Response Team (CERT-In) has issued new warnings to users, this time reporting various vulnerabilities in the products of enterprise cloud service provider VMware.

CERT-In found flaws in VMware ESXi and Cloud Foundation that could allow an attacker to gain access to sensitive information.

“This vulnerability exists in VMware ESXi and Cloud Foundation due to the Intel and AMD processors they use. An attacker with administrative access to the virtual machine could exploit this vulnerability by exploiting several CPU side-channel defects,” the cyber agency warned…
Additionally, successful exploitation of this vulnerability could allow an attacker to gain access to sensitive information stored in physical memory on a hypervisor or other virtual machines located on the same ESXi host. Another vulnerability in ‘Branch Type Confusion’ helps an attacker with administrative access to a VM to exploit various side-channel CPU bugs.
CERT-In also announced new bugs in Adobe Photoshop and Acrobat that could allow an attacker to run arbitrary code and obtain sensitive information about a target system.

“These vulnerabilities are present in Adobe Photoshop due to access to an unknown pointer and use after an error. An attacker can exploit this vulnerability by luring a victim to open a specially crafted document on the target system,” the cyber agency said…