Parallels · Parallels Desktop · CVE-2022-34891
**Name of the Vulnerable Software and Affected Versions**
Parallels Desktop version 17.1.1
**Description**
This issue allows local attackers to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue. The specific flaw exists within the update mechanism, where the product sets incorrect permissions on sensitive files. An attacker can leverage this issue to escalate privileges and execute arbitrary code in the context of root.
**Recommendations**
For Parallels Desktop version 17.1.1, update to a version that corrects the permission assignment issue in the update mechanism to prevent privilege escalation.
At the moment, there is no information about a newer version that contains a fix for this issue.
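The flaw class described above is incorrect permissions on files that a privileged component relies on. The following Python script is an added example, not code from Parallels or from the original advisory: it audits a directory tree for entries that a non-root local user could modify or replace. The advisory does not name the affected files, so the directory to audit is supplied by the operator, and `trusted_uid` (default 0, root) is an assumption about who should own the files.

```python
import os
import stat
import sys

def check_entry(path, trusted_uid):
    """Return the reasons a non-privileged user could tamper with `path`."""
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        return []  # a symlink's own mode bits are not meaningful; its directory is checked
    reasons = []
    if st.st_uid != trusted_uid:
        reasons.append("owner uid %d is not the trusted uid" % st.st_uid)
    if st.st_mode & stat.S_IWGRP:
        reasons.append("group-writable")
    if st.st_mode & stat.S_IWOTH:
        reasons.append("world-writable")
    return reasons

def audit_tree(root, trusted_uid=0):
    """Walk `root` and return sorted (relative_path, reason) findings.

    Directories are checked as well as files: write access to a directory
    lets a user replace a file inside it even when the file itself is locked down.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            for reason in check_entry(path, trusted_uid):
                findings.append((os.path.relpath(path, root), reason))
    return sorted(findings)

if __name__ == "__main__":
    # Usage: python3 audit_perms.py <directory>   (path chosen by the operator)
    for rel, reason in audit_tree(sys.argv[1]):
        print("%s: %s" % (rel, reason))
```

Group-writable findings need review rather than automatic remediation, since some installations intentionally grant write access to an administrative group.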