Softwares Headline

TeamViewer releases emergency patch for permissions flaw

Written by admin

TeamViewer has rushed out an emergency patch to fix a security flaw that could allow hackers to take over other machines during an active session.

Hackers could gain control of other PCs in desktop sessions

 

TeamViewer has rushed out an emergency patch to fix a security flaw that could allow hackers to take over other machines during an active session.

 

According to researchers at Malwarebytes, Windows, Mac, and LinuxOS are all apparently affected by this bug, which was first revealed over on Reddit. TeamViewer acknowledge existence of the vulnerability after it was publicly disclosed.

 

Reddit user xpl0yt had warned that users should be careful. The user linked to a proof-of-concept (PoC) example of an injectable C++ DLL which uses the flaw to change TeamViewer permissions. In the PoC released by someone named Gellin, TeamViewer permissions can be modified by an injectable C++ DLL, which controls “naked inline hooking and direct memory modification to change TeamViewer permissions.”

 

The code can be used either on the client or server side. From the server end, the flaw enables extra menu item options on the right-side pop-up menu. Most useful so far to enable the “switch sides” feature, which is normally only active after you have already authenticated control with the client, and initiated a change of control/sides, according to the GitHub posting.

 

On the client side, the flaw allows for control of mouse with disregard to servers current control settings and permissions.

 

“Many tech support scammers make use of programs such as TeamViewer, but with this new technique they wouldn’t have to first trick the victim into handing over control,” said researchers on a Malwarebytes blog post. 

 

“While in theory a victim should know immediately if a scammer has gained unauthorised control over their system and kill off the session straight away, in practice it doesn’t always pan out like that.”

 

In a statement, the firm’s spokesperson said that “needs to be stressed that the impact of this exploit is limited”. 

 

“Cyber-criminals could not just randomly attack any given TeamViewer installation. The exploit could only be applied after a legitimate TeamViewer session had been established; in other words: both parties needed to agree to join a legitimate TeamViewer session first and establish it. Additionally, users could end the TeamViewer session at any time to terminate the act,” the spokesperson said.

 

The company added that users should protect themselves by updating their software right away.  “The threat that comes with this potential exploit could be used in a typical tech support scam when scammers ask their victims to connect to the scammer’s machine first. Allowing the scammer to control the connection without the victim’s permission. It’s important to remember that legitimate organisations never cold call users to warn them about computer issues, so just hang up if you receive a call like that. If you are worried about your computer, take the initiative and ask a trustworthy party to look at it,” the spokesperson said.

This article originally appeared at scmagazineuk.com


Source link

About the author

admin

Leave a Comment