CVE-2024-1933
📋 TL;DR
This vulnerability allows an attacker with unprivileged access to a macOS system running TeamViewer Remote Client to potentially elevate privileges or conduct denial-of-service attacks by exploiting insecure symbolic link following. It affects TeamViewer Remote Client versions prior to 15.52 on macOS systems.
💻 Affected Systems
- TeamViewer Remote Client
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker could achieve privilege escalation to root/system-level access, potentially gaining full control over the affected macOS system.
Likely Case
Local privilege escalation allowing the attacker to execute code with higher privileges than their current user account, or denial-of-service by overwriting critical system files.
If Mitigated
With proper access controls and limited user privileges, impact would be contained to the compromised user's scope without system-wide compromise.
🎯 Exploit Status
Requires local access to the system and knowledge of symlink manipulation techniques. No public exploit code has been disclosed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 15.52 or later
Vendor Advisory: https://www.teamviewer.com/de/resources/trust-center/security-bulletins/tv-2024-1002/
Restart Required: Yes
Instructions:
1. Open TeamViewer application. 2. Go to Help > Check for new version. 3. Follow the update prompts to install version 15.52 or later. 4. Restart the application and system if prompted.
🔧 Temporary Workarounds
Remove TeamViewer
macosUninstall TeamViewer Remote Client if not required
sudo /Applications/TeamViewer.app/Contents/Helpers/TeamViewer_Uninstaller
sudo rm -rf /Applications/TeamViewer.app
sudo rm -rf ~/Library/Application\ Support/TeamViewer
sudo rm -rf ~/Library/Caches/com.teamviewer.TeamViewer
sudo rm -rf ~/Library/Preferences/com.teamviewer.TeamViewer.plist
Restrict TeamViewer Permissions
macosLimit TeamViewer's file system access using macOS privacy controls
Open System Settings > Privacy & Security > Files and Folders
Remove TeamViewer from allowed applications or restrict its access
🧯 If You Can't Patch
- Restrict local user access to systems running vulnerable TeamViewer versions
- Implement strict file permission controls and monitor for symlink creation attempts
🔍 How to Verify
Check if Vulnerable:
Check TeamViewer version in application > Help > About TeamViewer. If version is below 15.52, system is vulnerable.Check Version:
defaults read /Applications/TeamViewer.app/Contents/Info.plist CFBundleShortVersionStringVerify Fix Applied:
Confirm TeamViewer version is 15.52 or higher in Help > About TeamViewer.📡 Detection & Monitoring
Log Indicators:
- Unusual symlink creation in TeamViewer directories
- File permission changes in TeamViewer installation paths
- Unexpected process elevation from TeamViewer
Network Indicators:
- Local privilege escalation attempts from TeamViewer processes
SIEM Query:
process_name:"TeamViewer" AND (event_type:"file_create" OR event_type:"symlink_create") AND file_path:"*TeamViewer*"