CVE-2021-34857

Name of the Vulnerable Software and Affected Versions: Parallels Desktop version 16.1.3 (49160)

Description: This issue allows local attackers to escalate privileges on affected installations. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this issue. The specific flaw exists within the Toolgate component, resulting from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this issue to escalate privileges and execute arbitrary code in the context of the hypervisor.

Recommendations: For Parallels Desktop version 16.1.3 (49160), consider disabling the Toolgate component as a temporary workaround until a patch is available. Restrict access to the Toolgate component to minimize the risk of exploitation. Avoid using user-supplied data in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.