1. Summary
TeamViewer identified a security vulnerability affecting the out-of-session chat functionality in TeamViewer clients. To mitigate the risk, a server-side measure was implemented that disables out-of-session chat for affected clients, ensuring the vulnerability can no longer be exploited. Users who require out-of-session chat must update to the current client version; no further mitigation actions are required.
2. Vulnerability details
3. Affected software and versions
4. Solutions and mitigations
- No user action is required for mitigation.
- To continue using the chat, you must update to the latest client version or chat via web.teamviewer.com.
5. Acknowledgements
We would like to thank Kenan Karalioglu (chef_shell) for the discovery and responsible disclosure.