The flaw was discovered by Jeffrey Hofmann, security engineer at Praetorian, who explained: “An attacker could embed a malicious iframe in a website with a crafted URL that would launch the TeamViewer Windows desktop client and force it to open a remote SMB share”.
The flaw has been ranked as a high severity risk to Windows 10 users.
But thankfully, while the potential impact of this vulnerability is high, successfully pulling the attack off is pretty tricky. Speaking to Threatpost, Hofmann explained: “The practical impact is low. Successfully performing the attack is difficult and requires user interaction. There are a lot of prerequisites to exploit the vulnerability successfully.”
Windows 10: How To Stop This Attack
If you have the TeamViewer app installed on Windows 10, you can protect yourself by updating to version 15.8.3. In a security advisory, the Center for Internet Security (CIS) advised TeamViewer users to upgrade to the latest patch and to be on the lookout for fishy websites.