ZDI released the Parallels Desktop (PD) Virtual Machine Escalate Privileges Vulnerability Risk Notice, the vulnerability number is CVE-2020-8871.
Parallels Desktop has a memory out-of-bounds (OOB) vulnerability when implementing virtualized VGA devices. An attacker can cause a virtual machine to escape by running a special program inside the virtual machine. By exploiting this vulnerability, the attacker can execute arbitrary code on the physical host, and obtain the physical host control authority.
- Parallels Desktop ：<= 15.1.2
- Parallels Desktop 15.1.3
Please update to the unaffected version as soon as possible.