The vulnerability allows malicious software running in a Parallels virtual machine (VM) to access macOS files shared in a default configuration of the software. Parallels Desktop, now owned by private equity giant KKR, is used by seven million users, according to the company, and allows Mac users to run Windows, Linux and other operating systems on their macOS. Mitigation advice comes five months after researchers first identified the bug in April.
The makers of Parallels Desktop has released a workaround fix for a high-severity privilege escalation bug that impacts its Parallels Desktop 16 for Mac software and all older versions.