VMware Patches ESXi Vulnerability That Earned Hacker $200,000

On Thursday, VMware informed customers that it has released an updated version of its software that has patched a vulnerability that allowed for critical remote code execution in ESXi, which was exposed at China’s Tianfu Cup hacking competition earlier this month. The exploit, which only took 24 seconds to execute and earned the hacking team a total of $200,000, involved the hacker demonstrating control of the host operating system. The hacker, who is a member of the team 360Vulcan, received the highest single payout of the event. VMware employees attended the event and therefore were provided with details of the exploit after the demonstration, which took place less than a month ago. The vulnerability affects ESXi versions 6.0, 6.5, and 6.7 running on any platform.