Fusion allows VMware customers to run Windows applications on Intel-based Macs. The flaws affect all versions of the software running on Mac OS X prior to and including 2.0.5.
In an advisory published on Thursday, VMware warned that the two vulnerabilities affect the kernel of the software. One, a kernel code execution flaw, is caused by a file permission problem in the vmx86 kernel extension. The other, an integer overflow bug in the vmx86 kernel extension, could lead to a successful denial-of-service attack, the virtualization specialist said.
An attacker does not need administrative privileges to target these security holes.
VMware advised customers running the software on Mac OS X to download Fusion version 2.0.6 from VMware downloads. Customers may be entitled to a 12-month free subscription to McAfee VirusScan Plus 2009, depending on their version of Fusion. They should review their product release notes to verify whether they can get the free subscription, according to the advisory.