Parallels Desktop 2020

  




Current Description

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the VGA virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated array. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11363.


  • The current Parallels Desktop version available is 16, which costs 79.99 dollars, although you can sometimes get a discount. Once you buy it, you download and run Parallels, then install Windows within it. Much like Boot Camp, you need to choose the amount of space to assign to Windows.
  • — Alex Vasilchenko (@alexfreud) December 17, 2020 Today’s release of the Parallels Desktop 16 Technical Preview for M1 Macs comes less than a month after the company teased that it was in.
  • CVE-2020-17397 Detail Current Description This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4.
  • Up to 250 percent less energy used: On a Mac with an Apple M1 chip, Parallels Desktop 16.5 uses 2.5 times less energy than on a 2020 Intel-based MacBook Air computer.

Analysis Description

Now, in 2020, Parallels Desktop 16 reinvented itself for macOS Big Sur to use native Mac virtualization without loading any deprecated kernel extensions. Parallels Desktop 16 for Mac Pro Edition.


Severity

CVSS 3.x Severity and Metrics:
NIST:NVD
Vector:Zero Day Initiative
Vector:NVD
Vector:

| Hyperlink | Resource |
|---|---|
| https://kb.parallels.com/en/125013 | Vendor Advisory |
| https://www.zerodayinitiative.com/advisories/ZDI-20-1019/ | Third Party Advisory, VDB Entry |

Weakness Enumeration

| CWE-ID | CWE Name | Source |
|---|---|---|
| CWE-129 | Improper Validation of Array Index | NIST, Zero Day Initiative |

Known Affected Software Configurations

Parallels

