Categories: Hacking newsTechnology

TeamViewer vulnerability allows users sharing a desktop session to gain control of the other’s PC

TeamViewer promptly issues a patch to fix the vulnerability

TeamViewer issued a patch for users on Tuesday to fix a vulnerability that allows users sharing a desktop session to gain control of another PC without the latter’s permission. This vulnerability affected versions of TeamViewer running on Windows, macOS and Linux machines.

For those unaware, TeamViewer is a popular remote-support software for desktop sharing, online meetings, web conferencing and file transfer between computers over the internet from anywhere in the world. To establish a connection between a local computer and a remote computer, the local computer requires the remote computer’s ID and password to gain control over the remote computer, whereas the remote computer requires the local computer’s ID and password to gain control over the local computer.

The vulnerability was first publicized by a Reddit user “xpl0yt” on Monday who linked it to a Proof-of-Concept (PoC) published on GitHub by a user named “gellin”. TeamViewer too went on to acknowledge existence of the vulnerability after it was publicly disclosed.

According to the PoC released by Gellin, it showed how one could modify TeamViewer permissions via a simple injectable C++ DLL, which controls “naked inline hooking and direct memory modification to change TeamViewer permissions.”

The code can be used on both the client and server side.

  • If Server is an attacker – Enables extra menu item options on the right side pop-up menu. Most useful so far to enable the “switch sides” feature which is normally only active after you have already authenticated control with the client, and initiated a change of control/sides.
  • If Client is an attacker – it will allow the client side to take control of the mouse and keyboard of the server side, ignoring any control settings or permissions on the server side.

This vulnerability could be exploited to gain control of the presenter’s session or the viewer’s session without permission.

To do so, the bug requires both users to first be authenticated and then the attacker needs to inject the PoC code into their own process with a tool such as a DLL injector or some type of code mapper.

“Once the code is injected into the process it’s programmed to modify the memory values within your own process that enables GUI elements that give you the options to switch control of the session,” Gellin told Threat Post. “Once you’ve made the request to switch controls there are no additional check on the server-side before it grants you access.”

Those users who have configured TeamViewer to accept automatic updates will get the patch delivered automatically; however, it could take up to three to seven days for the patches before the update is installed. For those who do not have automatic updates set will be notified when an update is available.

Nelson, security researcher with Arbor Networks and the ASERT Research team who reviewed the PoC advises users patch for the bug fast. “Typically, these type bugs are leveraged quickly and broadly until they are patched,” he said. “This bug will be of particular interest to attackers carrying out malicious tech support scams. Attacker will no longer need to trick the victim into giving control of the system or running malicious software, instead they will be able to use this bug to gain access themselves,” he said.

Source: Threatpost

Kavita Iyer

An individual, optimist, homemaker, foodie, a die hard cricket fan and most importantly one who believes in Being Human

Recent Posts

  • Gaming
  • Security news

PS4 is reportedly crashing due to malicious message bug

Malicious gamers are sending messages that are bricking PS4 console; here’s what you can do to make sure that your…

3 hours ago
  • Alternatives
  • List
  • Torrent

Yify Torrents Alternatives- Best Yts like site to download movies

Yify torrents also known as yts is one of the best torrenting sites. Also, the yify group is a renowned name…

4 hours ago
  • News
  • Science

Stephen Hawking’s final fear : A Terrifying Master Race Of Superhumans

Professor Stephen Hawking was one of many scientists that pushed the human race forward by sharing his knowledge and understanding of…

21 hours ago
  • Facebook
  • Security news

Hackers accessed 29 million user accounts, says Facebook

Facebook confirms 29 million users’ data accessed by hackers: How to check if your account has been hacked Last month,…

1 day ago
  • Microsoft
  • News

Microsoft open-sources 60,000 patents to protect Linux

Microsoft makes 60,000 patents open-source to help the Linux Community Microsoft has joined the Open Invention Network ("OIN"), an open-source…

2 days ago
  • Gadgets
  • Technology

World’s fastest camera captures images at 10 trillion frames per second

'World's fastest camera' that freezes images at 10 trillion frames a second is unveiled Researchers from Quebec University’s Institute national…

2 days ago