AI description
CVE-2024-34331 is a privilege escalation vulnerability in Parallels Desktop for Mac, popular virtualization software that lets users run other operating systems such as Windows and Linux on their Macs. The flaw allows local attackers to gain root access to the macOS system. Exploits that bypass previous fixes for this vulnerability have been publicly disclosed. Originally patched in September 2024, the vulnerability remains exploitable because the vendor's attempts to fully address the issue were unsuccessful. A security researcher, Mickey Jin, publicly released exploits demonstrating the bypass of these fixes after what they described as months of poor communication with Parallels. This public disclosure highlights the ongoing risk this vulnerability poses to users of the software.
- Description: A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows attackers to escalate privileges via a crafted macOS installer, because Parallels Service is setuid root.
- Source: cve@mitre.org
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-269
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 1
An unpatched flaw in Parallels Desktop allows gaining root on Mac CVE-2024-34331 https://t.co/2RqwgL2zks https://t.co/Gqj2X01TYg
@elhackernet
25 Feb 2025
3470 Impressions
26 Retweets
64 Likes
4 Bookmarks
0 Replies
2 Quotes
⚠️ Vulnerability Alert: 0-Day in Parallels Desktop 📅 Timeline: Disclosed May 30, 2024; Fixed in version 19.3.1 📌 Attribution: Not specified 🆔 CVE ID: CVE-2024-34331 📊 Base Score: 9.8 📏 CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Severity:… htt
@syedaquib77
24 Feb 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes