Parallels Desktop security

I have installed Parallels Desktop on my MacBook M1.

During the installation process, Parallels asked me to authenticate with an administrator account. I can see with the kextstat command that Parallels has installed kernel modules.

Let's suppose one of these modules contains malware. I want to understand what this malware can do on my computer:

  • If my hard drive is protected with FileVault: will the malware only see my current user's files? Or can it read the whole disk (other users' accounts)?
  • If my TCC configuration restricts the Parallels application (Documents folder file access disallowed): do you think the kernel modules will bypass the TCC restriction?

Thanks


Solution 1:

Modifications to the kernel used to be game over and still are close to game over if you can be compelled or tricked to load arbitrary malware as system or kernel extensions. Game over means you can’t depend on any security working to protect data or tamper with any process running.

  • https://developer.apple.com/support/kernel-extensions/

It really depends which specific code you load, though. There are layers of security being built so that a network VPN extension might be prevented from bypassing the sandbox or reading files. As Apple rolls out these newer, more secure designs, and code you install uses the more secure and limited API/SDK, potential bugs and malware might be more contained than in the past.
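
To see which loaded kernel extensions sit inside that trust boundary, the `kextstat` listing the question mentions can be filtered down to non-Apple bundles. This is an added example, not part of the question or the answer; the function names and the sample listing (including the `com.example.vendor` bundle IDs) are constructed for illustration.

```shell
#!/bin/sh
# Added example: list loaded kernel extensions that are not shipped by Apple.
# Reads kextstat output on stdin and prints "bundle-id<TAB>version" per match.
third_party_kexts() {
    awk '
        # Data rows start with a numeric index; this skips the header row
        # and any informational lines.
        $1 !~ /^[0-9]+$/ { next }
        # Field 6 is the bundle identifier; Apple kexts use com.apple.*
        $6 ~ /^com\.apple\./ { next }
        {
            # The version is the parenthesised text after the name and may
            # itself contain spaces, so cut it out of the whole line.
            ver = $0
            sub(/^[^(]*\(/, "", ver)
            sub(/\).*$/, "", ver)
            printf "%s\t%s\n", $6, ver
        }
    '
}

# Constructed sample in the kextstat column layout (not captured from a real
# host; bundle IDs, versions and UUIDs are placeholders).
sample_kextstat() {
    cat <<'EOF'
Index Refs Address            Size       Wired      Name (Version) UUID <Linked Against>
    1  150 0                  0          0          com.apple.kpi.bsd (20.6.0) 00000000-0000-0000-0000-000000000001 <>
    2   11 0                  0          0          com.apple.kpi.iokit (20.6.0) 00000000-0000-0000-0000-000000000002 <>
  180    1 0xffffff7f9f1a4000 0x19000    0x19000    com.example.vendor.kext.hypervisor (1.2.3 4567) 00000000-0000-0000-0000-000000000003 <8 6 5 3 1>
  181    0 0xffffff7f9f1c0000 0x6000     0x6000     com.example.vendor.kext.netbridge (1.2.3 4567) 00000000-0000-0000-0000-000000000004 <6 5 3 1>
EOF
}

# On a Mac:      kextstat 2>/dev/null | third_party_kexts
# Offline demo:  sample_kextstat | third_party_kexts
```

`kextstat` only covers kernel extensions; extensions built on the newer System Extension APIs run outside the kernel and are listed by `systemextensionsctl list` instead.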