An integration feature that allows Parallels Desktop users to access Windows folders from Mac OS X can be exploited for a guest-to-host virtual machine (VM) escape, a researcher has found.
Russian security researcher and developer Dmitry Oleksiuk has analyzed the “Access Windows folders from Mac” feature in Parallels Desktop 10 for Mac (the latest version). The feature, which is enabled by default, allows users to navigate to their Windows folders and files from Mac OS X by mounting Windows disks to “/Volumes.” When the feature is enabled, users are also given the ability to open files from the Windows guest operating system on Mac OS X via the context menu that appears when a file is right-clicked in Windows Explorer.
The target file is opened on the host side with the privileges of the current OS X user, which, according to Oleksiuk, means that the “Access Windows folders from Mac” feature “breaks a security model that you’re usually expecting from guest-host interaction.”
According to the researcher, an attacker can’t leverage this to execute a shell script or an AppleScript file because the files are opened in a text editor.
“But there’s still a lot of other evil things that attacker can do with the ability of arbitrary file opening. For example, it’s possible to write a Java .class that executes specified command and saves its output to the guest file system,” Oleksiuk explained in a blog post.
The researcher has developed a proof-of-concept (PoC) guest-to-host VM escape exploit for Parallels Desktop and demonstrated that arbitrary code execution on the host side is possible. The expert says the exploit works on all versions of Microsoft’s operating system as long as the user belongs to the “Everyone” security group in Windows. While the PoC has been written for Windows, Oleksiuk has pointed out that the issue affects Linux and OS X guest operating systems as well.
Oleksiuk says the issue he has highlighted is more of an “incomplete documentation issue,” rather than an actual vulnerability. However, other experts who have analyzed the Russian researcher’s findings believe it could be viewed as a vulnerability.
“The blog suggests that the Parallels documentation does not state that once you enable guest file system sharing, the guest can break out from VM. So even a security-conscious user who reads docs may decide this option is benign,” said Rafal Wojtczuk, a Bromium researcher who specializes in virtualization security.
“It is a critical issue for anyone running untrusted code in Parallels VM on Mac. Especially that the issue is present in the default config. It is easy for a malware writer to add code that checks whether malware runs in Parallels VM and if so, then reliably escape to the host,” Wojtczuk told SecurityWeek.
The easiest way for users to protect themselves against potential attacks is to disable the “Access Windows folders from Mac” option.
Parallels says it plans to improve the Parallels Desktop for Mac documentation to make it clearer how to configure the integration options between Windows and Mac.
“A concerned user can configure individual integration features or simply check the ‘Isolate Windows from Mac’ option on the Security tab of a virtual machine configuration which will completely disable access to Mac from Windows side,” Parallels representatives told SecurityWeek.
Anup Ghosh, founder and CEO of Invincea, believes Oleksiuk’s report is a good example of how sharing of the host file system in the guest VM can be exploited to gain privileged access on the host.
“However, we should not be surprised by this nor blame Parallels for this. Parallels is a virtualization solution for running another operating system and its applications. It is not a security solution,” Ghosh said via email. “Rather it is designed and configured to support multiple operating systems to run concurrently on the same hardware. Virtualization should not be confused with security for this reason. Depending on virtualization software for security without securing the interaction between the guest and host will only lead to failed security expectations.”