Oracle has released a new version of the VirtualBox virtualization system, version 7.2.6, aimed at addressing 14 vulnerabilities. Five of these vulnerabilities are considered critical, with one being exploitable remotely. The details of these vulnerabilities have not been disclosed yet.
Aside from the security fixes, the new version also includes 35 changes. Some notable changes include moving components like the VRDP server, smart card emulator with USB interface, and disk and virtual machine encryption to the base package distributed with the source code. Additionally, improvements have been made for both guest and host systems running Linux, addressing kernel compatibility issues and problems with starting services and virtual machines.
The update also resolves issues with IPXE booting, VM crashes, full-screen mode support in multi-monitor setups, GUI functionalities, and CPU load when using an address translator in a virtual machine. A specific fix in VBoxManage now allows VMs to start from the command line under certain circumstances.
Furthermore, Oracle has released an update for the previous branch of VirtualBox, version 7.1.16, which includes fixes for vulnerabilities and 18 other improvements.