Parallels Desktop Updater Link Following Local Privilege Escalation Vulnerability
CVE-2023-50226
7.8HIGH
What is CVE-2023-50226?
A local privilege escalation vulnerability exists within the Updater service of Parallels Desktop that can be exploited by local attackers with low-privileged code execution capabilities. By creating a symbolic link, attackers can manipulate the service to move arbitrary files, allowing them to escalate privileges and execute arbitrary code with root-level access. This vulnerability poses significant risks to the integrity of the affected system, particularly if exploited in a multi-user environment.
Affected Version(s)
Desktop 18.3.0 (53606)