
An SQLite “Magellan” RCE vulnerability exposes billions of apps, including all Chromium-based browsers


The Tencent Blade security team found a vulnerability in the SQLite database that exposes billions of desktop and web applications to hackers. The vulnerability, classified as a remote code execution (RCE) vulnerability, hasn’t received a CVE identification number yet and has been nicknamed “Magellan” by the Tencent Blade Team. Since SQLite is one of the most popular databases used in modern operating systems and applications, this vulnerability can affect a variety of apps (e.g., Android/iOS), devices (e.g., IoT), and software.

Magellan poses dangers such as allowing hackers to run malicious code on the affected computers, leaking program memory, or causing program crashes. Moreover, this vulnerability can be exploited remotely simply by accessing a particular web page in a browser that supports SQLite. Other than SQLite, all web browsers using the Chromium engine have also been affected by this vulnerability. Tencent Blade has already reported the vulnerability to Google developers, who then promptly took care of it on their end.

Security experts at Tencent Blade also successfully exploited Google Home with this vulnerability, but haven’t disclosed the exploit code yet. The team also mentions that they have yet to see a case where Magellan has been abused “wildly”. Tencent Blade recommends updating to the official stable version 71.0.3578.80 of Chromium and to version 3.26.0 of SQLite, as these are safe from the vulnerability.
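The version check implied by that recommendation, as an added example (not code from Tencent Blade or this article): it flags inventory entries older than the two fixed versions named above. The `host,component,version` inventory format, the host names and the sample rows are constructed assumptions, and the `chromium` value is assumed to be the Chromium engine version rather than a vendor's own product version.

```python
import re
import sqlite3

# Fixed versions as stated in the article.
FIXED = {"sqlite": (3, 26, 0), "chromium": (71, 0, 3578, 80)}

def parse_version(text):
    """Turn '3.25.3' into (3, 25, 3); return None unless it is dotted digits."""
    text = text.strip()
    if not re.fullmatch(r"[0-9]+(?:\.[0-9]+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def status(component, version_text):
    """Return 'ok', 'vulnerable' or 'unknown' for one component/version pair."""
    fixed = FIXED.get(component.strip().lower())
    found = parse_version(version_text)
    if fixed is None or found is None:
        return "unknown"  # untracked component or unparseable version
    # Pad with zeros so that '3.26' compares equal to '3.26.0'.
    width = max(len(fixed), len(found))
    pad = lambda v: v + (0,) * (width - len(v))
    return "ok" if pad(found) >= pad(fixed) else "vulnerable"

def audit(inventory_text):
    """Return (host, component, version, status) for each well-formed line."""
    results = []
    for line in inventory_text.strip().splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            continue  # skip malformed rows instead of guessing
        host, component, version = fields
        results.append((host, component, version, status(component, version)))
    return results

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = """
kiosk-01,chromium,70.0.3538.110
dev-02,chromium,71.0.3578.80
iot-03,sqlite,3.25.3
app-04,sqlite,3.26.0
build-05,sqlite,unknown
"""

if __name__ == "__main__":
    for row in audit(SAMPLE_INVENTORY):
        print(*row)
    # The SQLite library linked into this Python interpreter.
    local = sqlite3.sqlite_version
    print("local sqlite3 library:", local, status("sqlite", local))
```

Applications often bundle their own SQLite copy, so the version reported by the system library or by Python says nothing about the copy embedded in another program.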

Google Chrome, Vivaldi, and Brave are all reported to be affected, as they support SQLite through the Web SQL database API. The Safari web browser isn’t affected yet, and Firefox may be prone to this vulnerability in case a hacker gains access to its local SQLite database.

“We will not disclose any details of the vulnerability at this time, and we are pushing other vendors to fix this vulnerability as soon as possible”, says the Tencent Blade team.

Natasha Mathur
