TeamViewer Issues Emergency Patch for a Permissions Bug
TeamViewer has issued an emergency patch to fix a security vulnerability that could enable attackers to take over other machines during an active session. The bug first came to light earlier this week when a Reddit user posted a warning about it along with a proof of concept.
"Exploited as a presenter you are able to turn on a 'switch sides' feature (that usually needs the client to agree to) and change controls and sides, controlling a viewer’s computer," TJ Nelson, a security researcher with Arbor Networks and the ASERT Research team that reviewed the PoC, told Threatpost. "If exploited as a viewer, you are able to control the mouse of the presenter’s computer no matter what settings or permissions the presenter may have had set."
The researcher (username "gellin") who first posted the bug on GitHub described the proof of concept as an "injectable C++ DLL, that uses naked inline hooking and direct memory modification to change TeamViewer permissions." This change in permissions essentially allows a user to "enable the 'switch sides' feature which is normally only active after you have already authenticated control with the client, and initiated a change of control/sides."
Gellin noted that both users need to be authenticated before the bug can be exploited. Speaking to the publication, they added:
"Once the code is injected into the process it’s programmed to modify the memory values within your own process that enables GUI elements that give you the options to switch control of the session. Once you’ve made the request to switch controls there are no additional checks on the server-side before it grants you access."
TeamViewer acknowledged the bug yesterday and has now issued an emergency fix. The vulnerability affects all users of the Windows, macOS and Linux versions of the software. While the fix is currently available only for Windows, it is also expected to arrive for macOS and Linux users later today. If you have configured TeamViewer to accept automatic updates, this hotfix will be delivered automatically.
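The server-side gap gellin describes above, modelled as an added example (not TeamViewer's code or protocol; the `Session` broker, its fields and the function names are hypothetical): the first function grants a switch based on state reported by the client, while the other two decide from server-held policy and the other participant's explicit consent.

```python
# Hypothetical session broker; names and message shapes are assumptions,
# not TeamViewer's protocol.
import secrets
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Session:
    presenter: str
    viewer: str
    controller: Optional[str] = None   # participant allowed to drive the peer's machine
    allow_switch: bool = False         # policy stored on the server at session setup
    pending: dict = field(default_factory=dict)  # consent token -> requester

def switch_sides_trusting(session, requester, client_says_allowed):
    """Flawed pattern: the decision rests on a value held in the requester's process."""
    if client_says_allowed:            # the requester can rewrite this in its own memory
        session.controller = requester
        return True
    return False

def request_switch(session, requester):
    """Hardened step 1: check server-held policy, then ask the peer for consent."""
    if requester not in (session.presenter, session.viewer):
        raise PermissionError("not a participant in this session")
    if not session.allow_switch:
        raise PermissionError("switching sides is disabled for this session")
    token = secrets.token_hex(16)
    session.pending[token] = requester
    return token                       # delivered to the other participant only

def confirm_switch(session, approver, token):
    """Hardened step 2: only the other participant can approve, and only once."""
    requester = session.pending.get(token)
    peers = {session.presenter, session.viewer}
    if requester is None or approver not in peers or approver == requester:
        return False
    del session.pending[token]         # single use: a replayed token is rejected
    session.controller = requester
    return True
```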
- We will update this space as TeamViewer shares any official details of this bug/patch.