Exploits for unpatched Parallels Desktop flaw give root on Macs

Two different exploits for an unpatched Parallels Desktop privilege elevation vulnerability have been publicly disclosed, allowing users to gain root access on impacted Mac devices. Parallels Desktop is a virtualization software that allows Mac users to run Windows, Linux, and other operating systems alongside macOS. It is very popular among developers, businesses, and casual users who need Windows applications on their Macs without rebooting. Security researcher Mickey Jin published the exploits last week, demonstrating a bypass of the vendor's fixes for CVE-2024-34331, a privilege elevation flaw fixed in September. That flaw, first discovered in May 2024 by Mykola Grymalyuk, stemmed from a lack of code signature verification in Parallels Desktop for Mac. Jin says he released the exploits for the zero-day patch bypass after the developer allegedly left it unfixed for over seven months. "Given that the vendor has left this vulnerability unaddressed for over seven months—despite pr ... Read full article.