I just saw this 5 minutes ago: https://thehackernews.com/2017/12/teamviewer-hacking-tool.html
Is that 2 hacks this year already? What's the word Teamviewer?
Hello! We use TeamViewer ver. 10.0. Does this version have this vulnerability?
That still doesn't really address the pre-11 versions.
"The impact of this exploit is limited. Cybercriminals cannot just randomly attack any given TeamViewer installation. The exploit can only be applied after a legitimate TeamViewer session has been established."
So, had this been known in 2016, it could have been far worse. (I'm referring to this instance: https://blog.teamviewer.com/recent-cyber-attacks/). In this instance, they were randomly attacking any given TeamViewer installation using weak passwords, probably from a huge list from previously hacked sources...so if people didn't take steps to secure their accounts with 2fa, etc., there's serious potential for another attack using the password reuse thing, then firing the exploit to switch screens.
So we still need to address whether or not the older versions are affected.
Hi there,
I would like to give you a heads-up on the process at TeamViewer in regard to this matter.
I apologize that it took a few days to post this update, but please rest assured we take this matter extremely seriously and continue to review it.
Let me provide you with a Q & A about the matter. Please excuse that I am repeating some parts of what I posted earlier, but I think it is good to have a complete overview:
The permission hook exploit is a vulnerability that pertains to TeamViewer’s Windows, macOS and Linux versions and concerns TeamViewer’s set of permissions. In two different scenarios, attackers could either gain control of the victim’s mouse or switch sides to gain control of the system. However, a cybercriminal cannot randomly attack any TeamViewer installation as the exploit requires a running session.
Remote support sessions should only be conducted with trustworthy parties. Even the permission hook exploit cannot be applied without a typical social engineering scheme.
Remember big organizations do not cold call you to inform you about a potential flaw of your device. If you receive a call like that, just hang up! If you are concerned about your machine, take the initiative and have a trustworthy party look at it.
For the use within organizations, it will be helpful to remind employees that remote sessions should only be held with trustworthy parties.
In addition, users should always update their software and only download TeamViewer through the official channels.
The impact of this exploit is limited. Cybercriminals cannot just randomly attack any given TeamViewer installation. The exploit can only be applied after a legitimate TeamViewer session has been established. So even if a TeamViewer version is susceptible to this potential threat, it only becomes an issue if users join in sessions with a rogue participant. Additionally, every TeamViewer user has the ability to end the session at any time to terminate the attack.
The Proof of Concept (PoC) was first published by an external security researcher on GitHub. TeamViewer discovered the PoC in a monitoring routine that is continuously run to identify potential threats.
The exploit could be administered in a typical tech scam, and hinges on social engineering. Scammers very often have their victims connect to their – i.e. the scammer’s – computer first. From there they coax them into confirming a switch of sides so that the scammers can access the victim’s device.
With the permission hook exploit, scammers can switch sides without having the victim confirm that first. Still the victim can end the session to terminate the attack. But as has been pointed out before, there is no feasible approach to exploit this vulnerability without a social engineering scheme.
TeamViewer responded immediately to contain the threat. After TeamViewer learned about the issue on Monday, December 4, 2017, hotfixes for Windows were provided on Tuesday, December 5, 2017. macOS updates were released on Wednesday, December 6, 2017. Updates for Linux appeared on Thursday, December 7, and Friday, December 8, 2017.
Updates are available for TeamViewer versions 11-13. The vulnerability also affects the QuickSupport and Host module. Patches have been provided accordingly.
The reception of the available updates depends on the setting in the TeamViewer client. Users who have not enabled auto updates in the software will receive an in-product message that will ask them to update their client.
Users with auto updates enabled will receive the update automatically.
However, TeamViewer encourages all users to manually initiate the check for updates, because even with auto update enabled, delays may occur because of the frequency set for update checks in the TeamViewer client.
This delay is due to organizational processes. We apologize for any inconvenience this may have caused.
TeamViewer will provide proper change logs that will reflect the vulnerability adequately.
The latest versions that include the hotfix – as of December 12, 2017 – are as follows:
Windows:
TeamViewer 13: 13.0.5640
TeamViewer 12: 12.0.89970
TeamViewer 11: 11.0.89975
Mac:
Linux:
TeamViewer 13: 13.0.5693 (Host: 13.0.5641)
TeamViewer 12: 12.0.90041
TeamViewer 11: 11.0.90154
Yes, the statement about the issue can be read and downloaded at:
https://www.teamviewer.com/en/company/press/teamviewer-releases-hotfix-for-permission-hook-vulnerability/
Thank you for your patience and your understanding. In case of any further questions please feel free to post them in this thread and we will work on an answer.
All the best, Esther
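A small check of an installed build against the hotfix builds Esther lists above, added here as an example; it is not TeamViewer's own tooling. The platform and package names and the sample installed versions are constructed for the example, and macOS is left out because no macOS builds are listed in the post.

```python
"""Compare an installed TeamViewer build with the hotfix builds listed in the
December 12, 2017 post (permission hook vulnerability). Added example, not
TeamViewer's own code. macOS builds are not on the page, so they are omitted;
versions before 11 return None because the thread gives no answer for them."""
from typing import Optional, Tuple

# Minimum builds containing the hotfix, as stated in the post.
# Key: (platform, package, major version) -> minimum build string.
HOTFIX_BUILDS = {
    ("windows", "full", 13): "13.0.5640",
    ("windows", "full", 12): "12.0.89970",
    ("windows", "full", 11): "11.0.89975",
    ("linux", "full", 13): "13.0.5693",
    ("linux", "host", 13): "13.0.5641",   # only Linux 13 lists a Host build
    ("linux", "full", 12): "12.0.90041",
    ("linux", "full", 11): "11.0.90154",
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '12.0.89970' into (12, 0, 89970) so comparison is numeric,
    not lexicographic ('12.0.9' must not sort above '12.0.89970')."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def is_patched(platform: str, package: str, installed: str) -> Optional[bool]:
    """True if the build is at or above the listed hotfix build, False if it
    is below it, None if the post lists no build for that platform, package
    and major version (e.g. macOS, version 10, Windows Host)."""
    ver = parse_version(installed)
    minimum = HOTFIX_BUILDS.get((platform.lower(), package.lower(), ver[0]))
    if minimum is None:
        return None
    return ver >= parse_version(minimum)


if __name__ == "__main__":
    # Constructed sample inputs mirroring questions asked in the thread.
    for plat, pkg, v in [("windows", "full", "11.0.89975"),
                         ("windows", "full", "12.0.77000"),
                         ("linux", "host", "13.0.5641"),
                         ("windows", "full", "10.0.12345")]:
        print(f"{plat} {pkg} {v} -> {is_patched(plat, pkg, v)}")
```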
It does seem reasonable. I would say it's likely that a step like that would go against some of their internal procedures (possibly), and also they could be looking directly at source code to see any problems (not a bad idea, but slower).
Or the other possibility is that they're more worried about 11+, and previous versions aren't a priority to them. I don't like that possibility as much, but it's a reality that this could be the case.
Well yeah, but I can't imagine why TeamViewer doesn't do just this. It does not seem like an unreasonable expectation.
So, if anyone is tired of waiting for an official answer...why not just set up two computers on the same subnet with an older version running on one of them, and try the exploit and see whether it works or not, then report your findings to everyone?
Hi @mlarsen
We are still investigating older versions. I will update this thread as soon as I am getting more information.
We are providing notifications and guidance on the TeamViewer Community. Just follow this thread to get the latest news. Thank you for your understanding.
In addition, please have a look at the press statement on our website.
Thank you, Esther
Still waiting to hear verification if versions prior to 11 are affected. It's pretty odd not to see notifications and guidance about this on TeamViewer's homepage, and also unusual in my experience for a software company not to provide complete details and guidance for precisely which versions are affected.
Those have the patch for the vulnerability?
You can get updated 11 and 12 clients here - https://www.teamviewer.com/en/download/previous-versions/
We have a pro license of version 12 and we do not want to change to version 13.
Are we vulnerable? If so, how do we obtain the patch without upgrading to version 13?
From many emails I've sent to Jonathan "Even though I have policies enforcing all remote computers to update to the latest version, as I am logging into them, I am noticing NONE are getting updated unless I do this manual. WHY NOT?"
His response after 4 sent emails and a phone call 2 hrs ago: "Hi Miles, We have very high call volume today so not able to make any outbound call as of now. Sorry. But, when did you create and apply the policy? Best regards, Jonathan CSAT Representative"
Hi @Digitus
The Quick support module does support some features that used to be affected by the vulnerability, which is why we released an updated package for that as well.
Both the website and the management console should automatically provide users with the latest version if a new download is being performed.
@Aaron_Boshers Thanks Aaron, just to clarify. Only the full version is affected and the malicious party needs to get a user to connect to them to inject the code? If that's the case this vulnerability is not very critical at all.
@venterrn
Thank you for your message.
The automatic update cycle can take up to a few days, which is why we recommend that you check for new updates in the Help tab of your TeamViewer.
Why is it taking so long for all remote computers to be updated if the policies are set to update most recent everything and enforced? I'm manually enforcing every one I'm on and working with Jonathan on this since yesterday morning when I first broke the news to him.
Why is TeamViewer deleting my posts?
I just want to know if TeamViewer 11: 11.0.89975 is patched for the vulnerability?
The kinks in earlier versions WILL NEVER get ironed out is what they told me when I HAD to take 13. Still lots of issues overlooked
Is TeamViewer 11: 11.0.89975 patched for the vulnerability?
@Esther Hi does this mean that TeamViewer 11: 11.0.89975 does not have the vulnerability?
Can you also please confirm if this affects the Host Only clients of TV?
Since there is no meeting feature in the host only install?
Hello @mlarsen
Thank you for your question.
If you have any further questions or concerns, please don't hesitate to contact us back.
Thank you for the quick response.
Does this affect QuickSupport as well or just the full TeamViewer install?
As of today, we were able to directly release the patch for the last three latest versions.
As for the older versions of the software, we have to open those builds up and make sure the patch does not affect the older versions usability and/or if they contain the issue as well.
As we have more information on this we will let the community know via this post.
Thank you for providing the latest version numbers. To clarify this means all previous versions are vulnerable? Also, does this affect QuickSupport at all or just the full TeamViewer? Again, thanks for responding.
Hi all,
The version number of the latest versions are:
TeamViewer 13: 13.0.5640
TeamViewer 12: 12.0.89970
TeamViewer 11: 11.0.89975
TeamViewer 13: 13.0.5693 (Host: 13.0.5641)
TeamViewer 12: 12.0.90041
TeamViewer 11: 11.0.90154
Thank you again,
Esther
I agree, since based on the Official Statement, which encourages users to update to the latest version, I'm no longer so sure that version 12 is in fact free of this vulnerability. There are no more updates for version 12 and as I noted before I'm holding off on updating to 13 until much of this stuff gets worked out!
@Esther
This is a nice statement, but I would like to verify that my installations are on the appropriate versions. Do you have build information available similar to what is listed here? https://www.teamviewer.com/en/download/changelog/
Thanks
Please see TeamViewer's official statement below:
"Within hours after an injectable C++ DLL vulnerability was first brought to the attention of TeamViewer’s engineering team, the software maker provided a fix to address the issue.
The vulnerability was first described on GitHub and concerned TeamViewer’s set of permissions.
In two different scenarios, attackers could either gain control of the victim’s mouse or switch sides to gain control of the system.
However, the potential threat was limited as the exploit required a legitimate connection to be established first before it could have been applied.
Attackers could not randomly target any potential TeamViewer installation.
In addition, users always have the ability to terminate a TeamViewer session at any time.
TeamViewer strongly encourages users to update their installation to the latest software version."
Thank you,
Everything I've read stating the vulnerability was fixed is sourced from other sites. There seems to be nothing on TV's website about this vulnerability, what builds are affected, or a change log. It's almost like TV isn't officially acknowledging this. I'm surprised there's nothing on the site about it; there really should be details available to the public from TeamViewer (not a 3rd party source). Can you comment on this and provide official details?
thanks