VMware has published a security advisory to address a Time-of-check Time-of-use (TOCTOU) issue in the service opener, an issue in the shader functionality and a memory leak vulnerability in the VMCI module.
Successful exploitation of the vulnerabilities could allow attackers with normal user privileges to escalate their privileges to root on the macOS system if the vulnerable versions of Fusion, VMRC and Horizon Client are installed. An attacker may also be able to create a denial-of-service condition on an affected host machine.
Patches for VMware Remote Console (VMRC) for Mac and VMware Horizon Client for Mac are not yet available. Users are advised to safeguard the affected systems against unauthorised user access and apply the patch once it is available. For other affected products, VMware has released new versions to address the issues at the vendor's website:
System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate action to mitigate the risk.
https://www.vmware.com/security/advisories/VMSA-2020-0011.html
https://www.us-cert.gov/ncas/current-activity/2020/05/29/vmware-releases-security-updates-multiple-products
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3957 (to CVE-2020-3959)