Critical SQLite Flaw Leaves Millions of Apps Vulnerable to Hackers

December 22, 2018 - Cyber Security

Cybersecurity researchers have identified a severe vulnerability in SQLite, the widely used database software, that exposes a huge number of deployments to hackers.

Dubbed ‘Magellan’ by Tencent’s Blade security team, which discovered it, the SQLite flaw could allow remote attackers to execute arbitrary or malicious code on affected devices, leak program memory, or crash applications.

SQLite is a lightweight, extensively used, disk-based relational database management system (RDBMS) that requires minimal support from the operating system (OS) or external libraries, and is hence compatible with almost every device, platform, and programming language.

SQLite is among the most widely deployed database engines today. It is used in millions of applications with literally thousands of deployments, including Internet of Things (IoT) devices, macOS and Windows apps, web browsers, Adobe software, Skype and so on.

Since Chromium-based web browsers, including Chrome, Opera, Vivaldi, and Brave, also support SQLite through the deprecated Web SQL database API, a remote attacker can easily target users of affected browsers just by convincing them to visit a specially crafted web page.

“After testing, Chromium was also affected by this vulnerability. Google has confirmed and fixed this vulnerability,” the researchers mentioned in the blog post.

SQLite has released updated version 3.26.0 of its software to fix the issue after receiving responsible disclosure from the researchers.

Google has also released Chromium version 71.0.3578.80 to correct the issue and pushed the patched version to the latest versions of the Google Chrome and Brave web browsers.

Tencent researchers said they successfully built a proof-of-concept exploit using the Magellan vulnerability and successfully tested it against Google Home.

Since most applications are unlikely to be patched anytime soon, the researchers have decided not to publicly disclose technical details or proof-of-concept exploit code.

“We will not disclose any details of the vulnerability at this time, and we are pushing other affected vendors to patch this vulnerability as soon as possible,” the researchers said.

Since everyone, including Adobe, Apple, Dropbox, Firefox, Android, Chrome, Microsoft and a bunch of other software, uses SQLite, the Magellan vulnerability is a critical issue, even if it has not yet been exploited in the wild.

Users and administrators are strongly advised to update their systems and affected software to the latest release as soon as updates become available.
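One way to act on that advice is to compare an inventory of deployed components against the fixed releases named above (SQLite 3.26.0 and Chromium 71.0.3578.80). The following is an added example, not code from the researchers or from SQLite; the host names and inventory rows are constructed, and it compares version numbers only, so a vendor build with a backported fix would still be reported as needing an update.

```python
import re
import sqlite3

# Fixed releases as stated in the article.
FIXED = {
    "sqlite": (3, 26, 0),
    "chromium": (71, 0, 3578, 80),
}

def parse_version(text):
    """Turn '3.24.0' or '71.0.3578.80' into a tuple of ints; None if malformed."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def status(product, version):
    """Return 'patched', 'needs-update' or 'unknown' for one component."""
    fixed = FIXED.get(product.lower())
    parsed = parse_version(version)
    if fixed is None or parsed is None:
        return "unknown"  # untracked product or unparseable version: review by hand
    # Pad to equal length so (3, 26) compares equal to (3, 26, 0).
    width = max(len(fixed), len(parsed))
    pad = lambda v: v + (0,) * (width - len(v))
    return "patched" if pad(parsed) >= pad(fixed) else "needs-update"

def audit(inventory):
    """Attach a status to each (host, product, version) row."""
    return [(host, product, version, status(product, version))
            for host, product, version in inventory]

def local_sqlite_status():
    """Check the SQLite library this Python interpreter is linked against."""
    return sqlite3.sqlite_version, status("sqlite", sqlite3.sqlite_version)

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = [
    ("kiosk-01", "chromium", "70.0.3538.110"),
    ("kiosk-02", "chromium", "71.0.3578.80"),
    ("iot-gw", "sqlite", "3.24.0"),
    ("build-srv", "sqlite", "3.26"),
    ("legacy", "sqlite", "3.x-custom"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("%-10s %-9s %-14s %s" % row)
    print("local sqlite %s %s" % local_sqlite_status())
```

Rows reported as `unknown` are the ones to check manually, since applications often bundle their own copy of SQLite under a non-standard version string.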
