Important Security Patch: VaM 1.22.0.8 Released
Added 2025-01-30 18:20:20 +0000 UTCSummary:
Please update immediately to VaM 1.22.0.8 to get important security updates
Background:
A community member who works on malware tools found some additional security risks in VaM. We always appreciate being notified when these security risks are found so we can promptly address them before malicious actors have a chance to utilize them.
How to get the patch:
Simply run VaM_Updater.exe in your VaM install folder and click the button at the bottom right to update to 1.22.0.8.
Security risks addressed in this patch:
Plugins can use specific methods to read or write files outside of VaM's secure sandbox. Plugins are normally restricted to only being able to read or write to specific folders in your VaM install folder. The most risk is to those who have "Allow Plugins Network Access" option enabled in User Preferences, as shown below:
Recommendations:
Immediately patch to 1.22.0.8
Use the "Allow Plugins Network Access" preference with caution, as it poses the most risk in usage of all the user preferences. This option is disabled by default.
Never run VaM with administrator privileges.
If you are still concerned about security risks, consider running VaM with a dedicated user account that you don't use for anything else besides VaM.
Only load content from sources you trust.
More Info:
We have scanned all of the Hub-hosted plugins, and as expected, none of the Hub-hosted plugins are using any of these methods in a malicious way.
This patch breaks a few plugins due to the new restrictions. We did not have a way to secure some of the methods without a blanket restriction on entire classes. The patch breaks plugins using these classes in a legitimate way. We have a workaround for any plugins affected, and we are reaching out to those plugin creators who are affected by these new restrictions.
At this time, we are not giving more specifics on exactly what the patch restricts to give users time to apply the patch to their installs before malicious actors have a chance to act on this info.
Comments
It was a corrupt file, I cut the whole directory to another drive. It left only a corrupt file, so I deleted it. I cut the directory back to the original drive and it allowed a repair, then update. It works! Thanks.
Rene Saucedo
2025-02-08 12:02:55 +0000 UTCPlease delete your VaM_Updater.exe, and re-download from here https://cdn.virtamate.com/Release/VaM_Updater.zip and try again. CRC errors indicate the file on disk is corrupted. You may be having an issue with the drive you have VaM installed on, so you might want to check into that or try another drive. I believe there is also an issue if you try to install/run on an external drive if you are doing that. If you have more trouble, please direct message me here on Patreon.
Meshed VR
2025-01-31 14:17:19 +0000 UTCI keep getting a "cyclic redundancy check" error, and it crashes the installer. I've tried with every option in the installer. VAM itself runs, but I just can't update or repair it.
Rene Saucedo
2025-01-31 12:19:17 +0000 UTC
