TeamViewer Rushes Fix for Permissions Bug

Credit: threatpost.com

Dec 05 2017 21:35

Remote support software company TeamViewer said Tuesday it issued a hotfix for a bug that lets either party in a shared desktop session take control of the other's computer without permission.

The bug was first publicized on Monday by a Reddit user, "xpl0yt", who linked to a proof-of-concept exploit for it posted to GitHub by a user named "gellin". TeamViewer confirmed the bug on Monday and issued a patch for Windows users on Tuesday.

The bug affects the Windows, macOS and Linux versions of TeamViewer. A patch for the macOS and Linux versions is expected late Tuesday or Wednesday, said Axel Schmidt, senior PR manager for TeamViewer.

The proof-of-concept allows an attacker to gain control of either the presenter's or the viewer's side of a session without permission, said TJ Nelson, a security researcher with Arbor Networks' ASERT team, which reviewed the PoC.

"Exploited as a presenter, you are able to turn on a 'switch sides' feature (that usually needs the client to agree to) and change controls and sides, controlling a viewer's computer. If exploited as a viewer, you are able to control the mouse of the presenter's computer no matter what settings or permissions the presenter may have had set," Nelson said.

Gellin, in a post describing the vulnerability, wrote that the root of the problem is an injectable C++ DLL that uses naked inline hooking and direct memory modification to change TeamViewer's permission state. This allows a user to "enable the 'switch sides' feature which is normally only active after you have already authenticated control with the client, and initiated a change of control/sides."

“(This) allows for control of a mouse with disregard to a server’s current control settings and permissions,” gellin wrote.

In an interview with Threatpost, gellin said the bug requires both users to first be authenticated to the session; the attacker then has to inject the PoC code into their own TeamViewer process with a tool such as a DLL injector or some other code mapper.

"Once the code is injected into the process, it's programmed to modify the memory values within your own process that enable GUI elements that give you the options to switch control of the session," gellin said. "Once you've made the request to switch controls, there is no additional check on the server side before it grants you access."

Gellin points out the obvious: if an attacker gains unauthorized control of a targeted computer, the victim can easily detect it and stop the attacker by ending the session. However, gellin said that before the patch was deployed, one could easily have weaponized the bug to disable the host's visual output and force the targeted computer's screen to go black, hiding the malicious activity.
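The security lesson in gellin's description is that the attacker only ever patched state inside their own process; the remote side then honoured the resulting "switch sides" or input message without checking whether it was entitled to send it. The following toy model illustrates that failure and the fix. It is an added example, not TeamViewer code and not gellin's PoC: the `Peer`, `Session` and `Request` types, the field names and the `switch_sides` / `mouse_move` message kinds are all invented for illustration. Python is used for the authorization logic rather than reproducing the C++ injection, which is not the interesting part.

```python
"""Toy model of control messages in a screen-sharing session (constructed).

One side shares its screen (the presenter, the "server" in gellin's wording);
the other views it and may be allowed to send input. A "switch sides" request
swaps the two roles. The vulnerable handler grants whatever the sender's UI
let it send; the hardened handler decides from the receiving side's own state.
"""
from dataclasses import dataclass


@dataclass
class Peer:
    name: str
    # Setting on this peer's own machine: may the other side drive input?
    allow_remote_control: bool = True
    # Explicit, one-shot consent to have the roles swapped onto this peer.
    consented_to_switch: bool = False
    # Client-side UI state only. An injected DLL can flip this inside the
    # attacker's own process, so it must never count as authorization.
    ui_switch_sides_enabled: bool = False


@dataclass
class Session:
    presenter: Peer   # screen being shared; input lands on this machine
    viewer: Peer      # may send input if the presenter allows it


@dataclass(frozen=True)
class Request:
    sender: str       # peer name, already authenticated to the session
    kind: str         # "switch_sides" or "mouse_move"
    payload: tuple = ()


def _peers(session, req):
    """Resolve the request to (sender, other_side), or (None, None)."""
    if req.sender == session.presenter.name:
        return session.presenter, session.viewer
    if req.sender == session.viewer.name:
        return session.viewer, session.presenter
    return None, None


def _swap_sides(session):
    session.presenter, session.viewer = session.viewer, session.presenter


def handle_request_vulnerable(session, req):
    """Pre-fix behaviour: the sender's UI already 'checked', so just grant."""
    sender, _ = _peers(session, req)
    if sender is None:
        return False
    if req.kind == "switch_sides":
        _swap_sides(session)   # the other side was never asked
        return True
    if req.kind == "mouse_move":
        return True            # presenter's own settings ignored
    return False


def handle_request_hardened(session, req):
    """Receiving side re-checks every request against its own state."""
    sender, other = _peers(session, req)
    if sender is None:
        return False
    if req.kind == "switch_sides":
        # The peer that would become the controlled machine must have
        # consented in this session and must permit remote control at all.
        if not (other.consented_to_switch and other.allow_remote_control):
            return False
        other.consented_to_switch = False   # consent is not reusable
        _swap_sides(session)
        return True
    if req.kind == "mouse_move":
        # Input is applied on the presenter's machine, so only the viewer may
        # send it, and only if the presenter's own setting allows it.
        return sender is session.viewer and session.presenter.allow_remote_control
    return False


def run_scenarios(handler):
    """Replay the two abuse cases from the write-up plus two legitimate ones.
    Returns {scenario_name: granted} for the given handler."""
    results = {}
    # Attacker is the viewer; presenter configured for view only.
    s = Session(Peer("presenter", allow_remote_control=False), Peer("viewer"))
    s.viewer.ui_switch_sides_enabled = True   # "memory patched"; irrelevant remotely
    results["viewer_input_against_view_only"] = handler(s, Request("viewer", "mouse_move", (10, 20)))
    # Attacker is the presenter; viewer never agreed to swap roles.
    s = Session(Peer("presenter"), Peer("viewer"))
    s.presenter.ui_switch_sides_enabled = True
    results["presenter_switch_without_consent"] = handler(s, Request("presenter", "switch_sides"))
    # Legitimate swap: the viewer explicitly consented.
    s = Session(Peer("presenter"), Peer("viewer", consented_to_switch=True))
    results["switch_with_consent"] = handler(s, Request("presenter", "switch_sides"))
    # Legitimate input: presenter allows remote control, viewer sends it.
    s = Session(Peer("presenter"), Peer("viewer"))
    results["viewer_input_allowed"] = handler(s, Request("viewer", "mouse_move", (1, 1)))
    return results


if __name__ == "__main__":
    print("vulnerable:", run_scenarios(handle_request_vulnerable))
    print("hardened:  ", run_scenarios(handle_request_hardened))
```

Run stand-alone, the vulnerable handler grants all four requests, including the two abuse cases, while the hardened handler denies exactly those two. The point generalizes beyond remote-support software: a greyed-out button, a hidden menu item or a client-side flag is a usability hint, and any peer or server that receives the resulting message has to re-derive the authorization decision from state the sender cannot tamper with.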

Patches will be delivered automatically to customers who have configured TeamViewer to accept automatic updates, Schmidt said, although it could take three to seven days before the update is installed. Users who have not enabled automatic updates will be notified that an update is available.

“Obviously, users can request an update through the client,” Schmidt said.

Nelson advises users to patch quickly. "Typically, these types of bugs are leveraged quickly and broadly until they are patched," he said. "This bug will be of particular interest to attackers carrying out malicious tech support scams. Attackers will no longer need to trick the victim into giving control of the system or running malicious software; instead they will be able to use this bug to gain access themselves," he said.
