Those Whonix installers for Windows will probably need to be rebuilt to include the latest VirtualBox that patches these holes.
Good day,
Thank you for the hint.
For anyone using any version of VBox, either optained via the Installer or any other way, just a reminder to update. There should be a prompt when launching VBox in any way. Furthermore, I shall upload a new version.
Have a nice day,
Ego
There is currently a server issue that I have to iron out before Ego can proceed.
Good day,
A new version of the installer including update VirtualBox binaries is now available: New Whonix Installer Release
Have a nice day,
Ego
I’d like to ask either of you gentlemen if these recently discovered VM escape vulnerabilities in VirtualBox apply to both Windows and Linux, or just Windows? My understanding is the VM escapes have been clearly verified on Windows. Have the escapes also been been clearly verified on Linux, including Whonix users on Linux?
Hi Lidecker78
This can be sorted out as per: https://www.whonix.org/wiki/Support#Free_Support_Principle
To start
- If you follow the link it states one of the vulnerabilities “Shared memory interface vulnerability” is exploitable on any host operating system.
- Plug the CVEs in a search engine and you should find info on all these exploits. Maybe look for “VirtualBox escape 2018” . Have patches been released? If so, have you updates your system??