Say2

**Name of the Vulnerable Software and Affected Versions** Parallels Desktop version 16.5.0 **Description** This issue allows local attackers to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue. The specific flaw exists within the Parallels Service. By creating a symbolic link, an attacker can abuse the service to execute a file. An attacker can leverage this issue to escalate privileges and execute arbitrary code in the context of root. **Recommendations** For Parallels Desktop version 16.5.0, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 11.4 Security Update versions prior to 2021-004 Catalina Security Update versions prior to 2021-005 Mojave **Description** A memory corruption issue was addressed with improved state management. This issue allows a malicious application to potentially gain root privileges. **Recommendations** For macOS versions prior to 11.4, update to macOS Big Sur 11.4. For Security Update versions prior to 2021-004 Catalina, apply Security Update 2021-004 Catalina. For Security Update versions prior to 2021-005 Mojave, apply Security Update 2021-005 Mojave.