Hacking TeamViewer? New Vulnerability Disclosed
TeamViewer, the remote support software, has been found to have a critical vulnerability that could allow users sharing a desktop session to gain complete control of the other end without permission.
It was first disclosed by a Reddit user, “xpl0yt”, on Monday. A proof of concept (PoC) for the vulnerability was posted on GitHub by “gellin”: an injectable C++ DLL that uses naked inline hooking and direct memory modification to change TeamViewer permissions.
The DLL can be used on either the server or the client side by loading it with a DLL injector.
If exploited on the server side, it allows viewers to enable the “switch sides” feature, which is normally activated only after the server has authenticated control with the client. This allows the server to switch sides.
If exploited on the client side, it allows the client to take control of the server.
As specified on GitHub: “Allows for control of mouse with disregard to servers current control settings and permissions”.
This affects the TeamViewer versions for Windows, macOS and Linux.
TeamViewer has confirmed the existence of this vulnerability, and a patch will be released.
Users are advised to install the update when it becomes available. If automatic updates are configured, the software will be patched automatically.