A chain of vulnerabilities has been found in Oracle VirtualBox leading to escape from a virtual machine
BI.ZONE specialists identified two vulnerabilities (CVE-2025-62592 and CVE-2025-61760) in Oracle VirtualBox. Combined, these issues allowed escape from the VirtualBox virtual machine to the ARM-based macOS host system.
It is emphasized that this is the first publicly known chain of vulnerabilities of this kind since the release of version 7.1.0 of VirtualBox in 2024, where support for ARM in macOS appeared.
As a result, the attacker can gain access to the microphone and camera of the device, read and modify any files, including files of other applications. It can also run new processes, effectively gaining almost complete control over the host OS.
Solution.
Update it or use Cloud OS instead like : Kasm Workspaces
BI.ZONE specialists identified two vulnerabilities (CVE-2025-62592 and CVE-2025-61760) in Oracle VirtualBox. Combined, these issues allowed escape from the VirtualBox virtual machine to the ARM-based macOS host system.
It is emphasized that this is the first publicly known chain of vulnerabilities of this kind since the release of version 7.1.0 of VirtualBox in 2024, where support for ARM in macOS appeared.
As a result, the attacker can gain access to the microphone and camera of the device, read and modify any files, including files of other applications. It can also run new processes, effectively gaining almost complete control over the host OS.
Solution.
Update it or use Cloud OS instead like : Kasm Workspaces
