TeamViewer hacked

After reports of a serious bug, the developers behind the popular remote desktop management software TeamViewer has released an important patch to seal this vulnerability. Since TeamViewer allows users to share what’s displayed on their desktops with anyone in the world (and more importantly, grant someone else access to their computer), vulnerabilities in TeamViewer can be fairly serious. This specific TeamViewer vulnerability provides the presenter with an opportunity to overtake the viewer’s system, and vice versa.

If your enterprise uses TeamViewer, we strongly recommend updating to the latest version of TeamViewer to prevent this exploit from being used in your network. 

Understanding the TeamViewer hack

TeamViewer uses Microsoft’s Remote Desktop Protocol (RDP), allowing the presenter and viewer to share screens using a secret authentication code. Fortunately, this vulnerability can only be exploited if the authentication code is shared and both screens are connected.

Gellin, a GitHub user, originally reported this vulnerability by publishing a proof of concept code that contains an injectable C++ DLL file. This code exploits naked inline hooking and memory alterations to change TeamViewer permissions. According to Gellin’s report, this exploit can be used by both the host and the client.

If the exploit is performed from the server side, the “switch sides” feature can be enabled, allowing the server to initiate a change of control on the client. If the same maneuver is executed on the client’s side, it will allow them to take control of the server’s keyboard and mouse, without any consideration for the server’s settings and permissions. 

TeamViewer hack remedies

TeamViewer has already released patches for Windows, Mac, and Linux, which you can download to manually update TeamViewer on each of your individual systems. Alternatively, you can use our patch management solution, Patch Manager Plus, to patch up to 25 computers for free.

Already using Patch Manager Plus in your network? Navigate to Supported Patches under the Deployment tab, and search for the bulletins below.  

Bulletin information for Windows and Mac

For Windows:

Bulletin ID: TU-057

Patch ID: 306780

Version: TeamViewer 13 (13.0.5640)

For Mac:

Bulletin ID: MAC-043

Patch ID: 601352

Version: TeamViewer 13 (13.0.5640)

As last month’s Microsoft Office Equation Editor vulnerability shows, hackers can exploit software vulnerabilities faster than you might think. Don’t leave your enterprise vulnerable by waiting to patch TeamViewer. If you’re still wondering how a patch management solution can make a difference in your enterprise, we recommend reading this article and checking out our online demo.

  1. kush

    TeamViewer is nice software, but it’s prohibitively expensive for small organizations. Honestly, we use SCCM, so we use the built-in remote control and remote assistance features for internal support issues

  2. Eliseu Huertas Cos

    I am only reading this because I have been hacked via TeamViewer’s with a subsequent virtual robbery of 12000 euros from my bank account. Left stranded with a couple of Coinbase accounts open on my name from my email. And lost it all in the Local Bitcoin pandemonium where the transactions were made as if I was the author…with the involvement of CB Payments bridge as acting as a ‘mule’ for the crime…

  3. jjssaa

    thanks for the info.