Summary: A newly disclosed 0-day vulnerability in Parallels Desktop allows for root privilege escalation, bypassing a previous patch. The flaw emanates from the repack_osx_install_app.sh script and has been unaddressed by Parallels for over seven months despite multiple responsible disclosure attempts. Independent researcher Mickey Jin has shared proof-of-concept exploits demonstrating how attackers could gain root access.
Affected: Parallels Desktop
Keypoints :
- Vulnerability bypasses the patch for CVE-2024-34331, allowing for privilege escalation.
- Two main bypass techniques: a TOCTOU attack and weak signature verification.
- Jin expressed frustration due to Parallelsβ inaction after multiple disclosure attempts.
- Two proof-of-concept exploits published: one to manipulate the repacking process and the other to control destination paths and inject payloads.