Anyone working on latest TV Hack?

I just saw this 5 minutes ago: https://thehackernews.com/2017/12/teamviewer-hacking-tool.html

Is that 2 hacks this year already? What's the word Teamviewer?

Tagged:
«1

Comments

  • Esther
    Esther Posts: 4,052 Former Community Manager

    Hi @TikiGiki

    Thank you for your post.

    TeamViewer was not hacked. The issue is about a vulnerability which has already been addressed.

    If you want to read up on this matter, here is an external source: threadpost.com: TeamViewer rushes fix for permission bug

    We will keep you updated in this thread,

    Esther

    Former Community Manager

  • Thanks

  • Is there going to be an update to the changelog to reflect the patched versions for this vulnerability?

  • brw111
    brw111 Posts: 29 ✭✭

    My concern is whether TV 12 has the patch fix. While I have the ability to upgrade to version 13 I'm holding off until the kinks get ironed out, which is why I'm monitoring this topic. So for those of us still using 12 how is this issue being addressed?

     

  • Esther
    Esther Posts: 4,052 Former Community Manager

    Hi @brw111

    Yes, version 12 for Windows and mac has already been patched.

    Thank you, Esther

    Former Community Manager

  • brw111
    brw111 Posts: 29 ✭✭

    OK, thanks!

  • srf
    srf Posts: 1

    @Esther

    Everything I've read stating the vulnerablility was fixed is sourced from other sites.  There seems to be nothing on TV's website about this vulnerablility, what builds are affect, or a change log.  It's almost like TV isn't officially acknowledging this.  I'm surprised there's nothing on the site about it; there really should be details available to the public from TeamViewer (not a 3rd party source).  Can you comment on this and provide official details?

     

    thanks

  • Esther
    Esther Posts: 4,052 Former Community Manager

    Hi all,

    please see TeamViewers official statement below:

    "Within hours after an injectable C++ DLL vulnerability was first brought to the attention of TeamViewer’s engineering team, the software maker provided a fix to address the issue.

    The vulnerability was first described on GitHub and concerned TeamViewer’s set of permissions.

    In two different scenarios, attackers could either gain control of the victim’s mouse or switch sides to gain control of the system.

    However, the potential threat was limited as the exploit required a legitimate connection to be established first before it could have been applied.

    Attackers could not randomly target any potential TeamViewer installation.

    In addition, users always have the ability to terminate a TeamViewer session at any time.

    TeamViewer strongly encourages users to update their installation to the latest software version."

    Thank you,

    Esther

    Former Community Manager

  • @Esther

    This is a nice statement, but, I would like to verify that my installations are on the approporate versions. Do you have build information available similar to what is listed here? https://www.teamviewer.com/en/download/changelog/

     

    Thanks

  • brw111
    brw111 Posts: 29 ✭✭

    I agree, since based on the Offical Statement where it encourages to update to latest version I'm no longer so sure that version 12 is in fact free of this vulnerability. There are no more updates for version 12 and as I noted before I'm holding off on updating to 13 until much of this stuff gets worked out!

     

  • Esther
    Esther Posts: 4,052 Former Community Manager

    Hi all,

    The version number of the latest versions are:

    Windows:

    TeamViewer 13: 13.0.5640
    TeamViewer 12: 12.0.89970
    TeamViewer 11: 11.0.89975

    Mac:

    TeamViewer 13: 13.0.5640
    TeamViewer 12: 12.0.89970
    TeamViewer 11: 11.0.89975

    Linux:

    TeamViewer 13: 13.0.5693 (Host: 13.0.5641)
    TeamViewer 12: 12.0.90041 
    TeamViewer 11: 11.0.90154

    Thank you again,

    Esther

    Former Community Manager

  • Thank you for providing the latest version numbers. To clarify this means all previous versions are vulnerable? Also, does this affect QuickSupport at all or just the full TeamViewer? Again, thanks for responding.

  • Aaron_Boshers
    Aaron_Boshers Posts: 47 Moderator

    Hello @mlarsen

    Thank you for your question.

    As of today, we were able to directly release the patch for the last three latest versions. 

    As for the older versions of the software, we have to open those builds up and make sure the patch does not affect the older versions usability and/or if they contain the issue as well.

    As we have more information on this we will let the community know via this post. 

    If you have any further questions or concerns, please don't hesitate to contact us back.

     

    Aaron Boshers
    Senior Enterprise Solutions Engineer

    If my reply answered your question, help out other users and click the Accept as a Solution button below.
    You can also say thanks by clicking on the Thumbs Up button! Thanks for being an active member of our Community!
  • Thank you for the quick response.

    Does this affect QuickSupport as well or just the full TeamViewer install?

  • Aaron_Boshers
    Aaron_Boshers Posts: 47 Moderator

    Hello @mlarsen

    Thank you for your question.

    The Quick support module does support some features that used to be affected by the vulnerability, which is why we released an updated package for that as well.

    Both the website and the management console should automatically provide users with the latest version if a new download is being performed.

    If you have any further questions or concerns, please don't hesitate to contact us back. 

    Aaron Boshers
    Senior Enterprise Solutions Engineer

    If my reply answered your question, help out other users and click the Accept as a Solution button below.
    You can also say thanks by clicking on the Thumbs Up button! Thanks for being an active member of our Community!
  • Can you also please confirm if this affects the Host Only clients of TV?

    Since there is no meeting feature in the host only install?

  • @Esther Hi does this mean that TeamViewer 11: 11.0.89975 does not have the vulnerability?

  • Is TeamViewer 11: 11.0.89975 patched for the vulnerability?

  • The kinks in earlier versions WILL NEVER get ironed out is what they told me when I HAD to take 13. Still lots of issues overlooked

  • Why are teamviewer deleting my posts?

    I just want to know if TeamViewer 11: 11.0.89975 is patched for the vulnerability?

  • Why is it taking so long for all remote computers to be updated if the policies are set to update most recent everything and enforced? I'm manually enforcing every one I'm on and working with Jonathan on this since yesterday morning when I first broke the news to him.

  • Aaron_Boshers
    Aaron_Boshers Posts: 47 Moderator

    @venterrn

    Thank you for your message. 

    The automatic upate cycle can take up to a few day, that is why we recommend you to check for new update in the help tab of your TeamViewer

    Aaron Boshers
    Senior Enterprise Solutions Engineer

    If my reply answered your question, help out other users and click the Accept as a Solution button below.
    You can also say thanks by clicking on the Thumbs Up button! Thanks for being an active member of our Community!
  • @Aaron_Boshers Thaks aron, just to clearify. Only the full version is affected and the malicous party needs to get a user to connect to them to inject the code? If thats the case this vulnerability is not very critical at all.

  • Esther
    Esther Posts: 4,052 Former Community Manager

    Hi @Digitus

    The Quick support module does support some features that used to be affected by the vulnerability, which is why we released an updated package for that as well.

    Both the website and the management console should automatically provide users with the latest version if a new download is being performed.

    All the best, Esther

    Former Community Manager

  • From many emails I've sent to Jonathan "Even though I have policies enforcing all remote computers to update to the latest version, as I am logging into them, I am noticing NONE are getting updated unless I do this manual. WHY NOT?"

    His response after 4 sent emails and a phone call 2 hrs ago: "Hi Miles,

    We have very high call volume today so not able to make any outbound call as of now. Sorry. 

    But, when did you create and apply the policy?

    Best regards, 

    Jonathan 
    CSAT Representative"

  • We have a pro license of version 12 and we do not want to change to version 13.

    Are we vulnerable?  If so, how do we obtain the patch without upgrading to version 13?

  • You can get updated 11 and 12 clients here - https://www.teamviewer.com/en/download/previous-versions/

  • Those have the patch for the vulnerability?

  • Still waiting to hear verification if versions prior to 11 are affected. It's pretty odd not to see notifications and guidance about this on TeamViewer's homepage, and also unusual in my experience for a software company not to provide complete details and guidance for precisely which versions are affected.

  • Esther
    Esther Posts: 4,052 Former Community Manager

    Hi @mlarsen

    We are still investigating older versions. I will update this thread as soon as I am getting more information.

    We are providing notifications and guidance on the TeamViewer Community. Just follow this thread to get the latest news. Thank you for your understanding.

    In addition, please have a look at the press statement on our website.

    Thank you, Esther

    Former Community Manager