Proof-of-concept exploit code has been released for a recently disclosed critical vulnerability in the popular VM2 library, a JavaScript sandbox that is used by multiple software to run code securely in a virtualized environment.
For decades, security researchers warned about techniques for hijacking virtualization software. Now one group has put them into practice.