A new vulnerability in TeamViewer remote support software could allow an attacker to gain control of presenter’s or viewer’s session without permission.
The bug was first publicized on Reddit on Monday where the vulnerability was described and linked to a proof-of-concept example posted on GitHub, Threatpost reports.
According to the GitHub post, an injectable C++ dll uses naked inline hooking and direct memory modification to change your TeamViewer permissions. As the server, users could enable and take advantage of the “switch sides” feature.
TeamViewer has confirmed the existence of the bug and has issued an emergency patch for Windows version.
Updates to macOS and Linux versions of TeamViewer should be available by Wednesday, according to a TeamViewer PR manager.