- New TeamViewer Hack Could Allow Clients to Hijack Viewers’ Computer
TeamViewer is a proprietary software package for remote control, desktop sharing, online meetings, web conferencing, and file transfer between computers. If you use TeamViewer, take note: a critical vulnerability has been discovered in the software that could allow users sharing a desktop session to gain complete control of the other’s PC without permission. For a remote session to work, both computers, the client (presenter) and the server (viewer), must have the software installed, and the client has to share a secret authentication code with the person he wants to share his desktop with. A GitHub user named “Gellin” has disclosed a vulnerability in TeamViewer that could allow the client (sharing its desktop session) to gain control of the viewer’s computer without permission. If exploited by the server, the hack allows viewers to enable the “switch sides” feature, which is normally only active after the server has authenticated control with the client, eventually allowing the server to initiate a change of control/sides. If exploited by the client, the hack allows the client to take control of the mouse and keyboard of the server, regardless of the server’s current control settings and permissions.
Cyber Security Tips: TeamViewer users are strongly recommended to install the patched versions of the software as soon as they become available.
- Critical Flaw in Major Android Tools Targets Developers and Reverse Engineers
Android developers rely on a range of tools to build applications. According to the latest report, security researchers have discovered an easily exploitable vulnerability in Android application developer tools, both downloadable and cloud-based, that could allow attackers to steal files and execute malicious code on vulnerable systems remotely. The issue was discovered by security researchers at the Check Point Research Team, who also released a proof of concept (PoC) attack, which they called ParseDroid. The vulnerability resides in a popular XML parsing library, “DocumentBuilderFactory,” used by the most common Android Integrated Development Environments (IDEs) like Google’s Android Studio, JetBrains’ IntelliJ IDEA and Eclipse, as well as the major reverse engineering tools for Android apps such as APKTool, Cuckoo-Droid and more. To exploit this vulnerability, an attacker needs to trick developers and reverse engineers into loading a maliciously crafted APK file.
Cyber Security Tips: Most of the developers, including Google, JetBrains and the APKTool owner, have since fixed the issue and released patched versions. Developers are strongly advised to update their tools as soon as possible.