Parallels 13 uses cleartext HTTP as part of the update process, allowing man-in-the-middle attacks. Users of out-of-date versions are presented with a pop-up window for a parallels_updates.xml file on the update.parallels.com web site.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
parallels parallels 13 |