Quote Originally Posted by tsu2 View Post
Historically, there may be 3 vulnerabilities I'm aware of similar to what what is described where isolation between Guests or Guest and Host has happened, and not more than once for the given virtualization technology. The Virtualbox incidents are likely special due to its connection to Oracle despite Virtualbox's relative autonomy... Oracle has a long history of not addressing vulnerabilities in numerous products, the most notorious not addressing common SQL injection attacks for over a decade on it's flagship Oracle Database product (Oracle's position is that you're supposed to put a firewall in front).

In every other incident I'm aware of, the problem was patched immediately and distributed within a couple weeks and this was when patches commonly took a month or longer to be tested sufficiently for release.

I don't know that problem exists today, especially since it should be rare for anyone to still be running VBox 5.x

Bottom line, most/all virtualization takes security very seriously and major issues much less issues not given highest priority is almost unheard of (Unless you're Oracle)
That said, always be aware of User mistakes in setup and configuration that will compromise security.

TSU
Thanks for the technical reply, Tsu. I really want to try virtualization as a way to avoid any problems with hard-drive-encryption or other malware. Now I just have to solve problems with VBox... (sigh)