Quote:The makers of Parallels Desktop has released a workaround fix for a high-severity privilege escalation bug that impacts its Parallels Desktop 16 for Mac software and all older versions. Mitigation advice comes five months after researchers first identified the bug in April.
Parallels Desktop, now owned by private equity giant KKR, is used by seven million users, according to the company, and allows Mac users to run Windows, Linux and other operating systems on their macOS.
The vulnerability allows malicious software running in a Parallels virtual machine (VM) to access macOS files shared in a default configuration of the software. The software maker stated that the recommended fixes need to be manually performed by end users and will likely “inconvenience” some while also reducing product functionality.
In a Wednesday security bulletin, first to widely disclose details of the bug, it was revealed that the vulnerability (CVE-2021-34864) is caused by improper access control in the Parallels’ WinAppHelper component. The flaw, according to Parallels, is specifically tied to the software’s Parallels Tools, a proxy for communications between the host macOS and the virtual machine’s operating system.
Read more: Parallels Offers ‘Inconvenient’ Fix for High-Severity Bug
![[-]](https://www.geeks.fyi/images/collapse.png)
