CVE-2022-34892: KB Parallels: Parallels Desktop Security Updates

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the update mechanism. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-16396.

Like any software development company, Parallels does not disclose, confirm or discuss security vulnerabilities until they are fixed, and the fix has been released to the public.

If you believe you have found a security issue in Parallels Desktop, visit KB 125214.

Get the latest Parallels Desktop update

To maintain your Parallels Desktop product’s security, we recommend installing all available product updates. To learn how to check for updates, visit KB 111603.

Importance of installing macOS security updates

Parallels Desktop takes the best of both worlds (Mac and Windows) to provide users with the best experience in both operating systems, and that includes security. To keep your virtual machine (VM) safe, after installing the latest Parallels Desktop build we also strongly recommend installing all macOS security updates. Parallels Desktop depends on the security of macOS, because it runs on a Mac under the control of macOS. For your convenience, you can automate macOS updates or perform them manually.

Importance of installing Windows security updates

After installing the latest Parallels Desktop build and all macOS security updates, take care of the last part: your virtual machine. Because Parallels Desktop precisely emulates Windows, the safety of your Windows VM depends on the safety of Windows itself. To keep Windows safe, install all Windows updates, including security fixes. Check this article to learn how to update.

Parallels Desktop for Mac App Store Edition security updates

Like any application installed from the App Store, Parallels Desktop for Mac App Store Edition runs in a sandbox environment where all access to your data is limited. Furthermore, the App Store edition uses the Apple hypervisor to run virtual machines, thus relying on the overall security of macOS. The safety of your VM while using the App Store edition depends solely on the security of macOS and Windows. As recommended above, install all security updates for macOS (including any related to the App Store application) and Windows to keep your VM safe.

Parallels Desktop security updates

The table below lists security vulnerabilities and a corresponding product version that includes the fix.

| Name or ID | Fixed in version | Release date |
|---|---|---|
| ZDI-CAN-16653, ZDI-CAN-16396, ZDI-CAN-16554, ZDI-CAN-16395 | 17.1.3 (51565) | May 26, 2022 |
| ZDI-CAN-14969, ZDI-CAN-13932 | 17.1.0 (51516) | October 14, 2021 |
| ZDI-CAN-13246 | 17.0.1 (51482) | September 7, 2021 |
| ZDI-CAN-13797, ZDI-CAN-13712, ZDI-CAN-13672 | 17.0.0 (51461) | August 10, 2021 |
| ZDI-CAN-13601, ZDI-CAN-13592, ZDI-CAN-13581, ZDI-CAN-13544 | 16.5.1 (49187) | July 8, 2021 |
| ZDI-CAN-13543 | KB 125544 | July 27, 2021 |
| ZDI-CAN-13190, ZDI-CAN-13189, ZDI-CAN-13188, ZDI-CAN-13187, ZDI-CAN-13186, ZDI-CAN-13082, ZDI-CAN-12848, ZDI-CAN-12791, ZDI-CAN-12790, ZDI-CAN-12528, ZDI-CAN-12527, ZDI-CAN-12220, ZDI-CAN-12130, ZDI-CAN-12129 | 16.5.0 (49183) | April 14, 2021 |
| ZDI-CAN-12136, ZDI-CAN-12131, ZDI-CAN-12221 | 16.1.2 (49151) | December 23, 2020 |
| ZDI-CAN-12068, ZDI-CAN-12021, ZDI-CAN-11926, ZDI-CAN-11925, ZDI-CAN-11924 | 16.1.0 (48950) | October 22, 2020 |
| ZDI-CAN-10519, ZDI-CAN-10518, ZDI-CAN-11363, ZDI-CAN-11304, ZDI-CAN-11303, ZDI-CAN-11302, ZDI-CAN-11253, ZDI-CAN-11217, ZDI-CAN-11134, ZDI-CAN-11132, ZDI-CAN-11063 | 16.0.0 (48916) | August 11, 2020 |
| ZDI-CAN-10520, ZDI-CAN-10030 | 15.1.4 (47270) | April 21, 2020 |
| ZDI-CAN-10032, ZDI-CAN-10031, ZDI-CAN-10028, ZDI-CAN-10029, ZDI-CAN-9403, ZDI-CAN-9428 | 15.1.3 (47255) | March 10, 2020 |
| ZDI-CAN-8685 | 15.1.1 (47117) | October 31, 2019 |
