CVE-2024-36486

Name of the Vulnerable Software and Affected Versions Parallels Desktop for Mac version 20.1.1 (55740)

Description A privilege escalation issue exists in the virtual machine archive restoration functionality. When restoring an archived virtual machine, the prl vmarchiver tool decompresses the file and writes the content to its original location using root privileges. An attacker can exploit this process by using a hard link to write to an arbitrary file, which may lead to elevated privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.