The vulnerability affects VMware Workstation, Player, and ACE software. It is only exploitable when Shared Folders are enabled -- which is a default setting -- and at least one folder on the Host system is configured for sharing.
For enterprise users, this flaw doesn't affect VMWare's level 1 virtualization platforms, such as ESX. But on Thursday, the virtualization software maker did release a handful of vulnerabilities that do affect ESX. These flaws enable you to gain access to data and bypass security controls.
One of the first software applications I installed when I bought a MacBook Pro last summer was Parallels. After the initial amazement of running my Windows apps on my Mac wore off, I uninstalled it. I had quickly realized the level of complexity -- and risk -- I was bringing to my primary OS X operating system.
I'm much happier with Boot Camp. It runs at native speed. It doesn't hang. And I can harden it down and not worry, should it become comprised, that my primary OS also is at risk.
As for the current VMware flaw, Core Security recommends the following remedial actions:
Disable Shared Folders for all virtual machines that use the feature.
If the Shared Folders feature is required, configure it for read-only access.
If the Shared Folders feature is required, implement appropriate file system monitoring and access control mechanisms on the Host operating system.
Upgrade your VMware software to a nonvulnerable version.
(Don't you always just appreciate it when vendors suggest you UPGRADE your way out of a vulnerability?)