Remote access service TeamViewer has delivered a fix for a serious vulnerability (opens in new tab) that could allow hackers to gain entry to a target device.
According to BleepingComputer (opens in new tab), the victim need only browse a compromised website containing a malicious iframe, which could be almost imperceptible on the page to the regular user.
The iframe then abuses the custom “teamviewer10” URI (used in legitimate scenarios to launch applications from their browser) to open the desktop client and instruct the software to connect to the hacker via the Server Message Block (SMB) protocol.
Further, since the victim’s machine is responsible for initiating the server connection, the hacker does not require a password to gain access.
Once inside, the malicious actor is able to perform remote code execution at will and lift password hashes, which could be used to perform future account compromise attacks.
“[The flaw] affects the URI handlers teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1, tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvviderocall1 and ttvpn1,” explained Jeffrey Hofmann, the security researcher responsible for the discovery.
TeamViewer has acknowledged the issue in a public statement, in which the firm also thanked Hofmann for his disclosure and announced a patch has been made available.
“Today we released some updates for TeamViewer 8 through 15, for the Windows platform. We implemented some improvements in URI handling relating to CVE 2020-13699,” said the company.
- Here's our list of the best antivirus (opens in new tab) services around