Thanks to HeartBleed and ShellShock, the eyes of the computing world are now fixed firmly on security. People were wondering what the next major vulnerability will be. Along comes Poodle, as per our expectations.
To know more about Poodle, refer the blog post from Google Security.
http://googleonlinesecurity.blogspot.in/2014/10/this-poodle-bites-exploiting-ssl-30.html
VMware investigated this in a pretty short time and has come out with this blog post:
http://blogs.vmware.com/security/2014/10/cve-2014-3566-aka-poodle.html
This basically says that even though this is more practical than the 2011 BEAST attack, this is a browser based vulnerability which uses MITM technique and thus doesn't directly impact VMware products.
There is a KB out as well:
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2092133
vTip: Everybody is advised to disable SSLV3 in their browser. (https://zmap.io/sslv3/browsers.html)
There will be updates released for Firefox and Chrome which will disallow SSL V3. So time to update those browsers!
EDIT::VMware now recognizes to be more severe and is planning to remove SSL V3 support from its products and services.
