TeamViewer has issued an emergency patch to fix a bug which could allow attackers to gain control of other PCs when in desktop sessions.
The vulnerability first came to light on on Monday, when Reddit user xpl0yt told other Redditors to “be careful” after discovering the security flaw. The user linked to a proof-of-concept (PoC) example of an injectable C++ DLL which takes advantage of the bug to change TeamViewer permissions.
The GitHub PoC, uploaded by a user called gellin, describes how the PoC code, tested on TeamViewer x86 Version 13.0.5058, can be utilized to enable the “switch sides” feature that can give a user power over another system involved in a session, which should only be made possible when a user grants that permission manually.
