Oracle has just released a major version upgrade of VitualBox, it’s popular virtualisation product that supports AMD & Intels 64 bit architectures. VirtualBox 6.0, like it predecessors are targeted towards both enterprise as well as home use.
Major Zero-day vulnerability remains unpatched on VirtualBox
While this major upgrade addresses several issues and fixes, apparently a major zero-day exploit that was released by a Russian researcher has not been fixed apparently, further giving credence to the discontent for security community that Oracle is too slow to patch vulnerabilities.
Sergey Zelenyuk, a St. Petersberg based security researcher, in a post on Github, had exposed a chain of bugs that can allow malicious to escape from the VM environment and execute at the hypervisor level, combined with existing vulnerabilities that can be used to gain kernel-level access it has the potential to capture credentials, and control the system remotely.
Barring that, Important updates
The release includes support for upcoming Linux Kernel 4.20, and ability to export VMs directly to Oracle Cloud Infrastructure. It also incorporate major overhaul of the UI to aid better graphics and simpler controls. The UI changes also includes a new feature, a new file manager that can be used to copy disks between VMs and host.
There are improvements in 3D graphics, and surround sound audio setups.
The detailed changelog can be seen here.