AI description
CVE-2024-34331 is a privilege escalation vulnerability in Parallels Desktop for Mac, popular virtualization software that lets users run other operating systems such as Windows and Linux on their Macs. The flaw allows local attackers to gain root access to the macOS system. Exploits bypassing previous fixes for this vulnerability have been publicly disclosed. Originally patched in September 2024, the vulnerability continues to be exploitable due to unsuccessful attempts by the vendor to fully address the issue. A security researcher, Mickey Jin, publicly released exploits demonstrating the bypass of these fixes after what they described as months of poor communication with Parallels. This public disclosure highlights the ongoing risk associated with this vulnerability for users of the software.
- Description: A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows attackers to escalate privileges via a crafted macOS installer, because Parallels Service is setuid root.
- Source: cve@mitre.org
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-269
- Hype score: Not currently trending
Unpatched Parallels Desktop Flaw Grants Root on Macs 🚨 Two exploits for a privilege elevation vulnerability (CVE-2024-34331) in Parallels Desktop have been disclosed—no patch available. Attackers can gain root access. Mac users, stay vigilant. 🔗https://t.co/77kIEnqrsU… https
@Osec__
7 Mar 2025
25 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Threat Alert: MITRE Caldera Hit by Critical RCE Flaw (CVE-2025-27364) - Here's What You Need t CVE-2025-27364 CVE-2024-34331 Severity: 🟡 Medium Maturity: 💥 Mainstream Learn more: https://t.co/fZ7x08V3BG #CyberSecurity #ThreatIntel #InfoSec
@fletch_ai
1 Mar 2025
44 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
A newly identified zero-day vulnerability (CVE-2024-34331) in the latest #ParallelsDesktop update for macOS could allow cyberattackers to gain root access to your system! This flaw bypasses a prior fix, enabling attackers to gain unauthorized administrator access, putting 7… http
@digitalbluesoft
27 Feb 2025
60 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
An unpatched flaw in Parallels Desktop allows gaining root on Mac CVE-2024-34331 https://t.co/iUgpYhfKHB… https://t.co/WQeSxLGcML
@doncaptador
26 Feb 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
An unpatched flaw in Parallels Desktop allows gaining root on Mac CVE-2024-34331 https://t.co/2RqwgL2zks https://t.co/Gqj2X01TYg
@elhackernet
25 Feb 2025
3697 Impressions
27 Retweets
67 Likes
4 Bookmarks
0 Replies
2 Quotes
⚠️ Vulnerability Alert: 0-Day in Parallels Desktop 📅 Timeline: Disclosed May 30, 2024; Fixed in version 19.3.1 📌 Attribution: Not specified 🆔 CVE ID: CVE-2024-34331 📊 Base Score: 9.8 📏 CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Severity:… htt
@syedaquib77
24 Feb 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes