February 24, 2025 By Bill Toulas
Two different exploits for an unpatched Parallels Desktop privilege elevation vulnerability have been publicly disclosed, allowing users to gain root access on impacted Mac devices.
Parallels Desktop is a virtualization software that allows Mac users to run Windows, Linux, and other operating systems alongside macOS. It is very popular among developers, businesses, and casual users who need Windows applications on their Macs without rebooting.
Security researcher Mickey Jin published the exploits last week, demonstrating a bypass of the vendor's fixes for CVE-2024-34331, a privilege elevation flaw fixed in September.
That flaw, first discovered in May 2024 by Mykola Grymalyuk, stemmed from a lack of code signature verification in Parallels Desktop for Mac.
