CVE-2023-50228

7.8 HIGH

📋 TL;DR

This vulnerability in Parallels Desktop Updater allows local attackers to escalate privileges from low-privileged code execution to root-level access due to improper cryptographic signature verification. It affects Parallels Desktop installations where an attacker already has initial access to the system. The vulnerability enables arbitrary code execution with root privileges.

💻 Affected Systems

Products:
  • Parallels Desktop
Versions: Prior to 19.1.1
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Parallels Desktop installations on macOS where the Updater service is running.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with root-level persistence, data exfiltration, and lateral movement capabilities.

🟠 Likely Case

Local privilege escalation allowing attackers to bypass security controls, install malware, or access protected resources.

🟢 If Mitigated

Limited impact if proper patch management and least privilege principles are enforced.

🌐 Internet-Facing: LOW - Requires local access and initial code execution, not directly exploitable over network.
🏢 Internal Only: HIGH - Once an attacker gains initial foothold on a vulnerable system, they can escalate to root privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires local code execution first, but privilege escalation component is straightforward once initial access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 19.1.1 or later

Vendor Advisory: https://kb.parallels.com/en/125013

Restart Required: Yes

Instructions:

1. Open Parallels Desktop.
2. Go to Parallels Desktop menu > Check for Updates.
3. Install version 19.1.1 or later.
4. Restart the system.

🔧 Temporary Workarounds

Disable Parallels Desktop Updater Service

Temporarily disable the vulnerable Updater service to prevent exploitation

sudo launchctl unload /Library/LaunchDaemons/com.parallels.desktop.launchdaemon.plist

🧯 If You Can't Patch

  • Restrict local user privileges using macOS System Preferences to limit initial attack surface
  • Implement application whitelisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check the Parallels Desktop version: open Parallels Desktop > About Parallels Desktop. If the version is earlier than 19.1.1, the system is vulnerable.

Check Version:

defaults read /Applications/Parallels\ Desktop.app/Contents/Info.plist CFBundleShortVersionString

Verify Fix Applied:

Verify version is 19.1.1 or later in About Parallels Desktop dialog.
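
The version check above can be scripted for fleet triage. The following is an added example, not vendor or advisory code: it wraps the `defaults read` command from "Check Version" and compares the result numerically with 19.1.1. The function names are hypothetical and the default install path is assumed.

```shell
#!/bin/sh
# Added example: compare the installed Parallels Desktop version with the
# fixed release named on this page (19.1.1). Function names are hypothetical.
FIXED_VERSION="19.1.1"
# Default install path, as used in the "Check Version" command (assumption).
PLIST="/Applications/Parallels Desktop.app/Contents/Info.plist"

# version_lt A B: succeed (exit 0) when dotted version A is older than B.
# Components are compared numerically, so 19.10 is newer than 19.9.
# Missing components count as 0, so "19.1" equals "19.1.0".
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1
}

# classify_version V: print VULNERABLE, PATCHED or UNKNOWN for version string V.
classify_version() {
    v=${1%% *}    # drop anything after the first space, e.g. a build suffix
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) echo UNKNOWN ;;   # not a clean dotted number
        *) if version_lt "$v" "$FIXED_VERSION"; then echo VULNERABLE
           else echo PATCHED; fi ;;
    esac
}

# check_host: read the installed version (macOS only) and classify it.
check_host() {
    if ! command -v defaults >/dev/null 2>&1 || [ ! -f "$PLIST" ]; then
        echo NOT_INSTALLED; return 0
    fi
    classify_version "$(defaults read "$PLIST" CFBundleShortVersionString 2>/dev/null)"
}

# Run the host check only when invoked as: sh script.sh --check
if [ "${1:-}" = "--check" ]; then check_host; fi
```

An `UNKNOWN` result means the version string could not be parsed and the host should be checked by hand rather than assumed patched.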

📡 Detection & Monitoring

Log Indicators:

  • Unusual privilege escalation attempts in system logs
  • Suspicious Updater service activity

Network Indicators:

  • None - local privilege escalation only

SIEM Query:

process_name:"Parallels Desktop Updater" AND parent_process NOT IN (expected_parent_processes)
