Security News > 2021 > August > Parallels Offers ‘Inconvenient’ Fix for High-Severity Bug
The makers of Parallels Desktop has released a workaround fix for a high-severity privilege escalation bug that impacts its Parallels Desktop 16 for Mac software and all older versions.
Parallels Desktop, now owned by private equity giant KKR, is used by seven million users, according to the company, and allows Mac users to run Windows, Linux and other operating systems on their macOS. The vulnerability allows malicious software running in a Parallels virtual machine to access macOS files shared in a default configuration of the software.
"By default, Parallels Desktop shares files and folders between the Mac and a VM, so users can easily open macOS files from applications running in a virtual machine and save documents to Mac," Parallels explained.
Parallels is advising users to mitigate the vulnerability via reconfiguring their software or upgrading to the latest version, which is Parallels Desktop 17 for Mac, released on August 10.
On August 10, Parallels posted to its Knowledge Base information regarding the flaw, under the title "Mitigate ZDI-CAN-13543 in Parallels Desktop 16 and older".
Seeing an opportunity, on April 14 Parallels released an update for Parallels Desktop 16 for Mac that supports Mac computers with Apple M1 chip.
News URL
https://threatpost.com/parallels-inconvenient-fix/168997/