VMware informed customers in mid-March that it had patched a high-severity privilege escalation vulnerability in Fusion, Remote Console (VMRC) and Horizon Client for Mac. The flaw, tracked as CVE-2020-3950, can be exploited by an attacker with regular user privileges to escalate privileges to root.

The researchers who independently reported the issue to VMware, Rich Mirch and Jeffball, immediately noted that the patch was incomplete. VMware confirmed that the patch was incomplete a few days later.