Exploits for unpatched Parallels Desktop flaw give root on Macs
Two different exploits for an unpatched privilege elevation vulnerability in Parallels Desktop have been publicly disclosed; either one lets a local, unprivileged user gain root on affected Macs.
Parallels Desktop is virtualization software that lets Mac users run Windows, Linux, and other operating systems alongside macOS. It is popular with developers, businesses, and home users who need Windows applications on their Macs without rebooting.
Security researcher Mickey Jin published the exploits last week, demonstrating a bypass of the vendor's fixes for CVE-2024-34331, a privilege elevation flaw fixed in September.
That flaw, first reported in May 2024 by Mykola Grymalyuk, stemmed from Parallels Desktop for Mac running a binary taken from a user-supplied macOS installer with root privileges without first verifying its code signature.
Jin says he released the exploits for the zero-day patch bypass because, by his account, Parallels left it unfixed for over seven months after he reported it.
"Given that the vendor has left this vulnerability unaddressed for over seven months—despite prior disclosure—I have chosen to publicly disclose this 0-day exploit," explains Jin in a technical writeup.
"My goal is to raise awareness and urge users to mitigate risks proactively, as attackers could leverage this flaw in the wild."
Bypassing Parallels' fix
Parallels' original patch attempted to prevent untrusted code execution by verifying that the 'createinstallmedia' tool bundled with the installer is Apple-signed before running it with root privileges.
However, Jin demonstrated that this verification is flawed and can be bypassed in at least two ways.
The first is a time-of-check to time-of-use (TOCTOU) race: Parallels checks the signature of 'createinstallmedia' at one moment and executes the file at that same path at a later moment, and nothing stops the file from changing in between.
An attacker supplies a fake macOS installer containing a genuine, Apple-signed 'createinstallmedia', waits for Parallels to verify it, and then replaces the file with a malicious script before it is executed, so the script runs as root.
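The check-then-use pattern described above, and the usual fix (copy the file somewhere the unprivileged user cannot write, verify the copy, execute the copy), as an added example; this is not Parallels' script or Jin's exploit code. Apple's code-signature check is replaced by a SHA-256 allowlist so the example runs on any platform, privileged execution is simulated by returning the bytes that would run, the race window is a hook called between check and use rather than real timing, and all function and file names are invented for the illustration.

```python
import hashlib
import os
import shutil
import tempfile

# Constructed stand-ins for the real binaries (not the actual createinstallmedia).
TRUSTED_SCRIPT = b"#!/bin/sh\necho genuine createinstallmedia\n"
MALICIOUS_SCRIPT = b"#!/bin/sh\necho attacker payload running as root\n"
# A digest allowlist stands in for "is this file Apple-signed?".
TRUSTED_DIGESTS = {hashlib.sha256(TRUSTED_SCRIPT).hexdigest()}


def is_trusted(path):
    """Stand-in for the code-signature check on whatever is at `path` right now."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest() in TRUSTED_DIGESTS


def run_as_root(path):
    """Simulated privileged execution: returns the bytes that would run as root."""
    with open(path, "rb") as f:
        return f.read()


def vulnerable_repack(tool_path, between_check_and_use=lambda: None):
    """The flawed pattern: check a path the attacker can write to, then use it."""
    if not is_trusted(tool_path):
        raise PermissionError("not Apple-signed")
    between_check_and_use()           # the race window the attacker wins
    return run_as_root(tool_path)     # executes whatever is at the path NOW


def hardened_repack(tool_path, between_check_and_use=lambda: None):
    """Copy first, then verify and execute the private copy, never the original."""
    # mkdtemp creates a mode-0700 directory. In a real privileged service the
    # parent must be a root-owned location, not one chosen via a caller's TMPDIR.
    private_dir = tempfile.mkdtemp(prefix="prl_repack_")
    private_copy = os.path.join(private_dir, "createinstallmedia")
    try:
        shutil.copyfile(tool_path, private_copy)
        os.chmod(private_copy, 0o700)
        if not is_trusted(private_copy):
            raise PermissionError("not Apple-signed")
        between_check_and_use()        # attacker swaps the original: irrelevant now
        return run_as_root(private_copy)
    finally:
        shutil.rmtree(private_dir)


def attacker_swap(path):
    """What the attacker does once the check has passed: atomically replace the file."""
    tmp = path + ".swap"
    with open(tmp, "wb") as f:
        f.write(MALICIOUS_SCRIPT)
    os.replace(tmp, path)


def demo():
    """Returns (bytes the vulnerable code ran, bytes the hardened code ran)."""
    installer = tempfile.mkdtemp(prefix="fake_installer_")   # attacker-controlled dir
    tool = os.path.join(installer, "createinstallmedia")
    try:
        with open(tool, "wb") as f:
            f.write(TRUSTED_SCRIPT)            # genuine tool is present at check time
        ran_vulnerable = vulnerable_repack(tool, lambda: attacker_swap(tool))

        with open(tool, "wb") as f:            # restore the genuine tool for round two
            f.write(TRUSTED_SCRIPT)
        ran_hardened = hardened_repack(tool, lambda: attacker_swap(tool))
    finally:
        shutil.rmtree(installer)
    return ran_vulnerable, ran_hardened


if __name__ == "__main__":
    vuln, hard = demo()
    print("vulnerable executed:", vuln.decode().splitlines()[-1])
    print("hardened executed:  ", hard.decode().splitlines()[-1])
```

The point of the hardened variant is that the check and the use operate on the same, unprivileged-unwritable object; verifying the original and then executing the original leaves the window open no matter how short it is made. An equivalent approach on macOS is to open the file once, verify the contents through that descriptor, and execute the same descriptor, but the copy-to-private-directory form is the one that maps directly onto a shell-script repack step.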
The second exploit targets the 'do_repack_manual' function, which is vulnerable to arbitrary overwrites of root-owned files.
By replacing a directory that 'do_repack_manual' writes into with a symlink pointing at a privileged location, an attacker gets Parallels to write attacker-controlled files to a root-owned path, and uses that to replace 'p7z_tool', which Parallels later executes as root.
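The symlink redirect described above, and the hardened pattern that defeats it (open every directory component with O_NOFOLLOW and create the file relative to that directory descriptor), as an added example; it is not Parallels' repack code or Jin's exploit. The directory layout, the `root_owned` stand-in for the directory holding `p7z_tool`, the payload bytes and the function names are all constructed for the illustration; everything runs as the current user in a temporary directory.

```python
import os
import shutil
import tempfile

PAYLOAD = b"#!/bin/sh\necho attacker-controlled p7z_tool\n"   # constructed stand-in


def vulnerable_extract(work_dir, name, data):
    """Privileged write through a plain path: follows any symlink planted at work_dir/out."""
    out_dir = os.path.join(work_dir, "out")
    os.makedirs(out_dir, exist_ok=True)      # a symlink to an existing directory passes this
    with open(os.path.join(out_dir, name), "wb") as f:
        f.write(data)                         # lands wherever the symlink points


def hardened_extract(work_dir, name, data):
    """Walk to the destination with O_NOFOLLOW and create the file via dir_fd,
    so neither the directory nor the file name may be a symlink."""
    dir_flags = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW
    work_fd = os.open(work_dir, dir_flags)
    try:
        try:
            os.mkdir("out", 0o700, dir_fd=work_fd)
        except FileExistsError:
            pass   # a real directory or a planted symlink; the next open tells them apart
        try:
            out_fd = os.open("out", dir_flags, dir_fd=work_fd)   # ELOOP/ENOTDIR on a symlink
        except OSError as exc:
            raise PermissionError(f"refusing to write through {work_dir}/out") from exc
        try:
            try:
                os.unlink(name, dir_fd=out_fd)   # removes a pre-planted symlink, not its target
            except FileNotFoundError:
                pass
            file_fd = os.open(name, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW,
                              0o600, dir_fd=out_fd)
            with os.fdopen(file_fd, "wb") as f:
                f.write(data)
        finally:
            os.close(out_fd)
    finally:
        os.close(work_fd)
    return True


def demo():
    """Simulates the attack. Returns (vulnerable write landed in root_owned,
    hardened write refused, hardened write landed in root_owned,
    hardened write succeeds on an honest layout)."""
    base = tempfile.mkdtemp(prefix="prl_symlink_demo_")
    root_owned = os.path.join(base, "root_owned")   # stands in for the dir holding p7z_tool
    work = os.path.join(base, "attacker_work")      # the attacker-writable working directory
    os.mkdir(root_owned)
    os.mkdir(work)
    target = os.path.join(root_owned, "p7z_tool")
    try:
        os.symlink(root_owned, os.path.join(work, "out"))   # attacker redirects 'out'
        vulnerable_extract(work, "p7z_tool", PAYLOAD)
        vulnerable_landed = os.path.isfile(target)
        if vulnerable_landed:
            os.remove(target)
        try:
            hardened_extract(work, "p7z_tool", PAYLOAD)
            refused = False
        except PermissionError:
            refused = True
        hardened_landed = os.path.isfile(target)
        os.remove(os.path.join(work, "out"))                # honest layout: no symlink
        honest_ok = hardened_extract(work, "p7z_tool", PAYLOAD) and \
            os.path.isfile(os.path.join(work, "out", "p7z_tool"))
    finally:
        shutil.rmtree(base)
    return vulnerable_landed, refused, hardened_landed, honest_ok


if __name__ == "__main__":
    print(demo())   # expected: (True, True, False, True)
```

The descriptor-relative calls matter because a `realpath` check before `open` is itself another check-then-use: the attacker can swap the directory for a symlink after the check passes. The stronger fix for a privileged repack step is to do all the work in a root-owned staging directory the unprivileged user cannot reach at all, with the O_NOFOLLOW discipline as defence in depth.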
Status of patches
Jin says he found the bypasses soon after reading Grymalyuk's writeup and reported them to Parallels in June 2024.
The researcher says the vendor promised to look into his report but did not respond to three subsequent requests for an update, the last of them on February 19, 2025.
Jin warns that his first exploit, the TOCTOU attack, works against the latest version of Parallels Desktop, 20.2.1 (55876), as well as against version 19.4.0 and all older versions.
Parallels changed the repacking process in version 19.4.1, switching from 'do_repack_createinstallmedia' to 'do_repack_manual', which broke the first exploit.
However, that change introduced the arbitrary root-owned file overwrite that the second exploit relies on.
The change was reverted in the latest version, 20.2.1, so the first exploit works again.
In short, every known version of Parallels Desktop, including the latest, is vulnerable to at least one of the two exploits.
BleepingComputer has contacted Parallels requesting a comment on Jin's findings and report, but a statement wasn't immediately available.
source: BleepingComputer