«
»

VMware Patches Spectre Vulnerability In VMware Fusion…. So, What About Parallels Desktop For Mac?

If you run virtual machines on your Mac, you have two choices. You can run VMware Fusion or Parallels Desktop. In both cases, you have to worry about the fallout from the Spectre and Meltdown CPU issues. And in the case of VMware Fusion, they’ve addressed Spectre in their latest update. Specifically, they’ve addressed an attack vector that only appears on virtual machines. Plus VMware has provided specific instructions on how their users can secure themselves.

So, that leaves Parallels Desktop For Mac. What are they doing to protect their users? Well, the closest thing to advice that I have seen is these Tweets:

And:

The problem with this response is that patching macOS and whatever operating systems that you’re using in your virtual machines isn’t enough as pointed out by VMware. Thus there has to be a patch for the virtual machine software. Now I tried to find any further communication from Parallels and I could not. Thus you have to wonder if Parallels is working on something, or are they ignoring this. I say that because in the absence of any info, people will wonder if the company actually cares. Thus if I were Parallels, I’d be putting out some sort of statement of Spectre and Meltdown ASAP, because VMware has beaten them to the punch and is drawing a pretty stark comparison between the two products that has VMware in control of the message on this issue.

UPDATE: Parallels released an update to Parallels Desktop For Mac. The release notes make no mention of Spectre and Meltdown fixes. So I pinged Parallels over Twitter. Here’s what I got back:

The release notes that is referenced in the Tweet is the same one that I looked at prior to pinging them on Twitter. Thus it doesn’t appear that they’ve done anything to mitigate Spectre and Meltdown despite the fact that their nemesis VMware Fusion has.

This entry was posted on January 29, 2018 at 10:14 am and is filed under Commentary with tags , . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

4 Responses to “VMware Patches Spectre Vulnerability In VMware Fusion…. So, What About Parallels Desktop For Mac?”

  1. Malware Exploiting Spectre & Meltdown CPU Flaws Appears | The IT Nerd Says:
    February 5, 2018 at 8:13 am

    […] tried to exploit them. That makes the screw ups in trying to patch these holes, along with the non-action by some companies in not patching these holes a big issue. Thus pretty much everyone who runs a computer could be in very deep trouble very […]

    Reply
  2. #Fail: Parallels Nags Users Who Bought Their Software With Ads | The IT Nerd Says:
    February 21, 2018 at 9:15 am

    […] that my opinion of their software has really gone downhill because of this. Not to mention the fact that they don’t seem to offer mitigations for the threats posed by Spectre and Meltdown like their main competitor which is VMware Fusion does. Thus later this week I’ll be […]

    Reply
  3. Migrating From Parallels Desktop 13 To VMware Fusion 10 Was Mostly Painless | The IT Nerd Says:
    February 23, 2018 at 8:09 am

    […] VMware Fusion 10 provides mitigations from the Spectre CPU vulnerability. That’s important to me as I take security seriously. Parallels Desktop 13 doesn’t appear to provide that mitigation which was a concern to me and was the main driver for me to make the switch. […]

    Reply
  4. Review: VMware Fusion 11 | The IT Nerd Says:
    October 18, 2018 at 10:01 am

    […] faster. The second last item was a chief motivator for me to move to VMware Fusion last year as my previous virtualization product didn’t offer those fixes.  Support for Metal is great because that is another way that VMware has increased the performance […]

    Reply

Leave a Reply

Discover more from The IT Nerd

Subscribe now to keep reading and get access to the full archive.

Continue reading