CVE-2024-34331
📋 TL;DR
This vulnerability in Parallels Desktop for Mac allows attackers to escalate privileges to root by exploiting a lack of code signature verification in the Parallels Service, which runs with setuid root permissions. It affects users of Parallels Desktop for Mac versions 19.3.0 and below, enabling unauthorized access and control over the system.
💻 Affected Systems
- Parallels Desktop for Mac
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker gains full root access to the macOS host, allowing them to install malware, steal data, or compromise the entire system.
Likely Case
Local attackers or malware with user-level access escalate privileges to root, leading to persistent control and further exploitation.
If Mitigated
With proper patching and security controls, the risk is minimized, though residual risk exists if unpatched.
🎯 Exploit Status
Exploitation requires local access or ability to run code on the target system; public proof-of-concept details are available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 19.3.1 or later
Vendor Advisory: https://kb.parallels.com/129860
Restart Required: Yes
Instructions:
1. Open Parallels Desktop.
2. Go to 'Check for Updates' in the menu.
3. Install the update to version 19.3.1 or higher.
4. Restart the system as prompted.
🔧 Temporary Workarounds
Disable Parallels Service setuid
macOS
Remove setuid permissions from the Parallels Service binary to prevent privilege escalation.
sudo chmod u-s /Applications/Parallels\ Desktop.app/Contents/MacOS/Parallels\ Service
🧯 If You Can't Patch
- Restrict local access to the system and monitor for suspicious activity.
- Consider temporarily disabling or uninstalling Parallels Desktop if not essential.
🔍 How to Verify
Check if Vulnerable:
Check the Parallels Desktop version in the application, or run: ls -l /Applications/Parallels\ Desktop.app/Contents/MacOS/Parallels\ Service to see if setuid is set (an s in the owner execute position of the mode string, e.g. -rwsr-xr-x).
Check Version:
/Applications/Parallels\ Desktop.app/Contents/MacOS/prlctl --version
Verify Fix Applied:
Verify the version is 19.3.1 or later in Parallels Desktop settings or via command: /Applications/Parallels\ Desktop.app/Contents/MacOS/prlctl --version.
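The two checks above can be combined into one local script. This is an added example, not vendor or site-provided code; it assumes that prlctl --version prints a dotted X.Y.Z version somewhere in its output, and the function names and the VULNERABLE / MITIGATED / PATCHED labels are illustrative.

```sh
#!/bin/sh
# Added example: local exposure check for CVE-2024-34331 (not vendor code).
APP="/Applications/Parallels Desktop.app/Contents/MacOS"
FIXED="19.3.1"   # first fixed version, per the advisory text on this page

# version_lt A B: succeeds when dotted version A is strictly older than B.
version_lt() {
    [ "$1" = "$2" ] && return 1
    oldest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$oldest" = "$1" ]
}

# extract_version TEXT: first X.Y.Z token in TEXT (assumed prlctl output shape).
extract_version() {
    printf '%s\n' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# is_setuid_root MODE OWNER: MODE is the ls -l mode string, e.g. -rwsr-xr-x
is_setuid_root() {
    case "$1" in
        ???[sS]*) [ "$2" = "root" ] ;;   # 4th character s/S means setuid is set
        *) return 1 ;;
    esac
}

# assess VERSION MODE OWNER: prints PATCHED, VULNERABLE or MITIGATED.
assess() {
    if ! version_lt "$1" "$FIXED"; then echo PATCHED
    elif is_setuid_root "$2" "$3"; then echo VULNERABLE
    else echo MITIGATED   # old version, but the setuid workaround is in place
    fi
}

# check_host: run both checks against the local installation, if present.
check_host() {
    if [ ! -e "$APP/Parallels Service" ]; then
        echo "Parallels Desktop not found"; return 0
    fi
    ver=$(extract_version "$("$APP/prlctl" --version 2>/dev/null)")
    if [ -z "$ver" ]; then echo "could not parse prlctl version"; return 0; fi
    set -- $(ls -ld "$APP/Parallels Service")   # $1 = mode string, $3 = owner
    echo "version=$ver mode=$1 owner=$3 -> $(assess "$ver" "$1" "$3")"
}

check_host
```

MITIGATED means only that the setuid workaround is in place on a version older than 19.3.1; updating is still required.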
📡 Detection & Monitoring
Log Indicators:
- Unusual root privilege escalations or modifications to Parallels Service files in system logs.
Network Indicators:
- None specific, as this is a local privilege escalation vulnerability.
SIEM Query:
Example: search for 'Parallels Service' AND 'setuid' in macOS audit logs or process execution events.