On Tuesday, December 5, the maker of the remote access software TeamViewer released an urgent fix for a vulnerability in its product. The vulnerability allows remote users who have access to a desktop session to gain access to other people’s computers without permission. The problem affects versions of TeamViewer for Windows, macOS and Linux.
The vulnerability report was first published on a Reddit forum by a user under the pseudonym xpl0yt. Xpl0yt posted a link to GitHub, where someone under the nickname gellin demonstrated the vulnerability in action.
The problem allows an attacker to take control, without permission, of both the computer that is being accessed remotely and the computer of the person who connected to it. Using the vulnerability, the user who granted remote access to their computer can enable the function that switches the roles of the two parties and gain access to the partner’s computer without the partner’s consent. In turn, the user who connected remotely to the partner’s computer can control the partner’s mouse, regardless of the settings and restrictions the partner has set.
It is unknown how long this vulnerability was active, but it has now been patched.