Software update: TeamViewer 15.21.4

Version 15.21 of TeamViewer has been released. This program allows remote management of other computers via a secure VPN connection. That connection runs through TeamViewer’s servers, so no settings on the router need to be adjusted to make it all work. TeamViewer is free for non-commercial use and is being developed for Windows, Linux, macOS, iOS and Android. The changelog for this release looks like this:

New features

• It’s now possible to suppress sending chat messages to a device. This can be achieved by activating the setting for “Disable chat” in the options or via the registry (DisableChat). If disabling chat is activated, the chat tab is no longer visible.
• It is now possible to keep TeamViewer MSI installations up-to-date using automatic updates.
• It is now possible to inherit TeamViewer policies to managed devices via managed groups.
• A new way to display video in meetings is now available: Smart focus, which focuses on your face for better privacy control of your surroundings and more focused meetings!

Improvements

• Updated UI on media and list view in Meeting, for improved user experience.

Bug Fixes

• Fixed a bug that would cause the app not to reconnect if the internet connection was lost during a running meeting.
• Fixed a bug in the UI which prevented displaying the “What’s New” window.
• CVE-2021-34858: Installations with existing TV recording files (TVS) were vulnerable to a problem in file parsing that could have allowed someone to execute arbitrary code and could have caused the binary to crash. User interaction as well as a third-party vulnerability would have been required for remote exploitation. We don’t have any indication of exploitation in the wild. Our thanks go to Kdot and the Trend Micro Zero Day Initiative for the responsible disclosure.
• CVE-2021-34859: In some circumstances, a problem in shared memory management could have caused the TeamViewer service to perform an out-of-bounds read. Access to the machine would have been required for exploitation. We don’t have any indication of exploitation in the wild. Our thanks go to Mat Powell and the Trend Micro Zero Day Initiative for the responsible disclosure.
• TeamViewer is installed by default in the protected Program Files directory. If a user intentionally had chosen to install it in a different location, someone would have been able to leverage a privilege escalation problem. Access to the machine would have been required for exploitation. We don’t have any indication of exploitation in the wild. Our thanks go to Maciej Miszczyk for the responsible disclosure.