10 new VM escape vulnerabilities discovered in VirtualBox

Those Whonix installers for Windows will probably need to be rebuilt to include the latest VirtualBox that patches these holes.

3 Likes

//cc @Ego

Good day,

Thank you for the hint.

For anyone using any version of VBox, either optained via the Installer or any other way, just a reminder to update. There should be a prompt when launching VBox in any way. Furthermore, I shall upload a new version.

Have a nice day,

Ego

There is currently a server issue that I have to iron out before Ego can proceed.

Good day,

A new version of the installer including update VirtualBox binaries is now available: New Whonix Installer Release

Have a nice day,

Ego

1 Like

I’d like to ask either of you gentlemen if these recently discovered VM escape vulnerabilities in VirtualBox apply to both Windows and Linux, or just Windows? My understanding is the VM escapes have been clearly verified on Windows. Have the escapes also been been clearly verified on Linux, including Whonix users on Linux?

Hi Lidecker78

This can be sorted out as per: https://www.whonix.org/wiki/Support#Free_Support_Principle

To start

  1. If you follow the link it states one of the vulnerabilities “Shared memory interface vulnerability” is exploitable on any host operating system.
  2. Plug the CVEs in a search engine and you should find info on all these exploits. Maybe look for “VirtualBox escape 2018” . Have patches been released? If so, have you updates your system??
1 Like