CVE-2020-8871: Parallels Desktop Privilege Escalation Vulnerability Alert
ZDI released the Parallels Desktop (PD) Virtual Machine Escalate Privileges Vulnerability Risk Notice, the vulnerability number is CVE-2020-8871.
Parallels Desktop is the most popular virtual machine software under the MacOS platform, designed to provide high-performance virtual machine services.
Parallels Desktop has a memory out-of-bounds (OOB) vulnerability when implementing virtualized VGA devices. An attacker can cause a virtual machine to escape by running a special program inside the virtual machine. By exploiting this vulnerability, the attacker can execute arbitrary code on the physical host, and obtain the physical host control authority.
Affected version
- Parallels Desktop :<= 15.1.2
Unaffected version
- Parallels Desktop 15.1.3
Solution
Please update to the unaffected version as soon as possible.
