Researcher releases PoC exploit for Parallels Desktop privilege escalation (CVE-2023-27326) flaw

A proof-of-concept (PoC) exploit for a serious privilege escalation vulnerability in Parallels Desktop has been released by a security researcher. The vulnerability, identified as CVE-2023-27326, carries a CVSS score of 8.2, indicating its high severity. Users of Parallels Desktop should be aware of this issue and promptly update their software to protect their systems from potential exploitation.

The privilege escalation flaw affects Parallels Desktop, a popular virtualization software solution for Mac computers. It allows local attackers to escalate privileges on affected installations, provided they first obtain the ability to execute high-privileged code on the target guest system.

CVE-2023-27326 PoC

The specific vulnerability lies within the Toolgate component of Parallels Desktop. It stems from the absence of proper validation of user-supplied paths before using them in file operations. Exploiting this vulnerability, an attacker can escalate privileges and execute arbitrary code in the context of the current user on the host system.

The security flaw was discovered and exploited by Alexandre Adamski of Impalabs. Recently, another researcher, Malwareman007, released a PoC exploit for the CVE-2023-27326 vulnerability. The exploit was tested on Parallels Desktop version 18.0.0 (53049).

Parallels has addressed the privilege escalation bug in the 18.1.1 (53328) security update. Users are advised to update their Parallels Desktop installations to the patched version as soon as possible to mitigate the risk associated with this vulnerability. Updating the software ensures that attackers cannot leverage the Toolgate component to escalate privileges on affected systems.

The release of the PoC exploit for the CVE-2023-27326 vulnerability in Parallels Desktop emphasizes the importance of keeping software up to date and staying informed about potential security issues. By updating their Parallels Desktop installations to version 18.1.1 (53328) or later, users can protect their systems from possible exploitation and maintain a secure virtualization environment.