CVE-2020-8871: Parallels Desktop Privilege Escalation Vulnerability Alert

ZDI has released a risk notice for a privilege escalation vulnerability in Parallels Desktop (PD) virtual machines, tracked as CVE-2020-8871.

Parallels Desktop is the most popular virtual machine software on the macOS platform, designed to provide high-performance virtual machine services.

CVE-2020-8871

Parallels Desktop has an out-of-bounds (OOB) memory vulnerability in its implementation of virtualized VGA devices. An attacker can escape the virtual machine by running a special program inside it. By exploiting this vulnerability, the attacker can execute arbitrary code on the physical host and gain control of it.

Affected version

  • Parallels Desktop <= 15.1.2

Unaffected version

  • Parallels Desktop 15.1.3

Solution

Please update to the unaffected version as soon as possible.
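
To find macOS hosts that still need the update, the version bounds above can be checked against the installed application bundle. The script below is an added example, not part of the original alert or of any Parallels tooling; the install path and the use of CFBundleShortVersionString as the product version are assumptions, and the sample plist is constructed.

```python
import plistlib
import re
from pathlib import Path

# Assumption: default install location on macOS; adjust for your fleet.
DEFAULT_PLIST = Path("/Applications/Parallels Desktop.app/Contents/Info.plist")
FIXED = (15, 1, 3)  # first unaffected version per the advisory


def parse_version(text):
    """Return (major, minor, patch) from strings like '15.1.2' or '15.1.2-47123'."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text or "")
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def version_from_plist(data):
    """Extract CFBundleShortVersionString from Info.plist bytes (XML or binary)."""
    info = plistlib.loads(data)
    return info["CFBundleShortVersionString"]


def is_affected(version_text):
    """True when the version is <= 15.1.2, i.e. below the fixed 15.1.3."""
    return parse_version(version_text) < FIXED


def check_host(plist_path=DEFAULT_PLIST):
    """Return 'not-installed', 'affected' or 'patched' for this machine."""
    if not plist_path.is_file():
        return "not-installed"
    version = version_from_plist(plist_path.read_bytes())
    return "affected" if is_affected(version) else "patched"


# Constructed sample Info.plist, not taken from a real installation.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>CFBundleShortVersionString</key><string>15.1.2</string>
</dict></plist>"""

if __name__ == "__main__":
    sample_version = version_from_plist(SAMPLE)
    print("sample:", sample_version, "affected" if is_affected(sample_version) else "patched")
    print("this host:", check_host())
```

Run it through your endpoint management tool and treat any host reporting `affected` as needing the 15.1.3 update.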