New SQLite Vulnerabilities Affect Many Applications
Exactly one year and a week after the disclosure of the original Magellan 1.0 SQLite vulnerabilities, the same Tencent Blade Team has disclosed another batch of SQLite vulnerabilities, named ‘Magellan 2.0’. Like its predecessor, ‘Magellan 2.0’ affects all applications that use SQLite as a database engine. The vulnerabilities are caused by improper validation of external SQL queries. As a result, attackers can execute their malicious code through SQL queries in the application.
SQLite is a relational database management system that is popular with developers all over the world. Google Chrome, Mozilla Firefox, Windows 10, and many other well-known applications use SQLite.
A blog post by Tencent Blade stated: “As a well-known database, SQLite is widely used in all modern mainstream operating systems and software, so this vulnerability has a wide range of influence. SQLite and Google had confirmed and fixed these vulnerabilities. We will not disclose any details of the vulnerability this time and we are pushing other vendors to fix this vulnerability as soon as possible.”
However, Tencent Blade reported these vulnerabilities to Google and SQLite on November 16th, 2019, and patches were applied to SQLite on December 13th, 2019. They suggest installing the latest version of any application that uses SQLite as an integrated component.