The latest version of Parallels Desktop virtualization software for macOS contains an unpatched zero-day vulnerability allowing root access, and a proof-of-concept exploit is available.
The bug, which doesn't have a CVE or CVSS score yet, is actually a patch bypass, and ultimately gives cyberattackers a way to gain unauthorized administrator-level — or root — access on affected systems. It affects a script that Parallels Desktop uses to repack macOS installer applications to make them compatible with Parallels virtualization.
https://www.darkreading.com/application ... esktop-mac