Date: 2025-03-02

Security flaws in popular software are always something to worry about. Even more so if the company that makes the software was warned about the issue and did nothing for months. That’s the exact story behind this week’s Parallels Desktop security update, and why you should install it ASAP.

According to MacWorld, cybersecurity researcher Mickey Jin discovered the exploit back in May 2024. As is common practice in this industry, he reported it to the Zero Day Initiative, an organization that connects software vendors with security researchers. Mickey says ZDI took six weeks to investigate his report and claimed the issue had been fixed in newer Parallels Desktop versions.

After finding out the vulnerability was still exploitable, in July 2024, he directly contacted Parallels about the issue. Per Mickey’s report, he asked about a fix in October 2024, then twice in February 2025. Without any response, he decided to publicly disclose the vulnerability on February 20.

Only after Mickey’s post did Parallels issue a statement. The company published a Knowledge Base article acknowledging the vulnerability and promising that a fix would be released soon.

Before proceeding, it’s important to know that only the Intel version of Parallels Desktop is vulnerable to the exploit. Users with Apple Silicon Macs can’t be targeted by this attack.

There are two versions of Parallels Desktop currently receiving support for security fixes: 19 and 20. To check which version you’re running, on the menu bar, go to Parallels Desktop > About Parallels Desktop.

For Users on Parallels Desktop 20

If you’re running Parallels Desktop 20, simply check for updates. You can do that by selecting Parallels Desktop > Check for Updates… on the menu bar. The security update was issued on February 27.

To be protected against the exploit, you need to be on version 20.2.2. Older versions are vulnerable to it.

For Users on Parallels Desktop 19

Users running Parallels Desktop 19 on versions older than 19.4.2 are vulnerable as well. However, the company hasn’t issued a fix yet. According to Parallels, the update should arrive next week.

If you pay for Parallels Desktop in the subscription model, you’re eligible for an upgrade. Just go to the company’s website and you’ll be able to download the update tool.

In case you purchased a lifetime license for Parallels Desktop 19, you can update it at a discounted price. You can go for another one-time purchase, or switch to the subscription model.

Parallels Desktop is a critical app for many advanced users, and a popular solution for lots of non-experts, too. Whether you need advanced virtualization solutions, or just want to use some Windows apps, chances are you are running it.

That broad audience range is precisely why vulnerabilities in such apps need to be taken seriously. Way more seriously than Parallels did, at least. If, even with the security update, you are considering migrating from Parallels Desktop, there are quite a few options. You may want to check alternatives such as UTM, VMware Fusion, or VirtualBox.