Critical SQLite Flaw Leaves Millions of Apps Vulnerable to Hackers
(Dec 14, 2018)
Researchers from Tencent's Blade security team have discovered a critical vulnerability in the popular database software SQLite. The vulnerability, named "Magellan," allows threat actors to remotely execute arbitrary code on affected machines, leak program memory, or crash applications. The researchers developed a working Proof-of-Concept (PoC) exploit, but will not release the technical details or the PoC publicly until patches for all applications are released. The vulnerability affects a wide range of users and applications, including Adobe, Apple, Android, Chrome, Dropbox, Firefox, Internet-of-Things (IoT) devices, Microsoft, and many others that use SQLite for disk-based relational database management. SQLite has released an updated version of its software to address the issue.
Recommendation: SQLite has released an updated version, so it is crucial to ensure that you are using version 3.26.0 of the software, which addresses this vulnerability. Although the exploit has not yet been observed in the wild, now that the vulnerability's existence has been confirmed, threat actors may find ways to exploit it before all applications and organisations have updated their own software.
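An added example, not taken from the original report or from the SQLite project: a heuristic audit for the recommendation above that finds files embedding the SQLite engine and flags any whose embedded version string is below 3.26.0. It assumes the engine's database-header constant and a NUL-terminated `3.x.y` version string survive in the binary; the function names and sample bytes are constructed for illustration.

```python
import re
import sys
from pathlib import Path

PATCHED = (3, 26, 0)        # fixed release named in the recommendation
MAGIC = b"SQLite format 3"  # database-header constant compiled into the engine
# Assumption: the engine stores its version as a NUL-terminated "3.x.y[.z]" string.
VERSION_RE = re.compile(rb"(?<=\x00)3\.\d{1,2}\.\d{1,2}(?:\.\d{1,2})?(?=\x00)")

# Constructed byte strings standing in for application binaries (not real files).
SAMPLE_OLD = b"\x7fELF\x02\x01\x00SQLite format 3\x00\x003.25.3\x00tail"
SAMPLE_NEW = b"MZ\x90\x00SQLite format 3\x00\x003.26.0\x00tail"


def classify(blob):
    """Return 'absent', 'unknown', 'outdated' or 'patched' for one file image."""
    if MAGIC not in blob or blob.startswith(MAGIC):
        return "absent"  # no engine linked in, or a database file, not a binary
    versions = sorted(
        {tuple(int(p) for p in m.group().split(b".")) for m in VERSION_RE.finditer(blob)}
    )
    if not versions:
        return "unknown"  # engine present but version string stripped: check by hand
    # Judge by the oldest candidate so a stale bundled copy is never masked.
    return "outdated" if versions[0] < PATCHED else "patched"


def scan(root):
    """Classify every regular file under root; return {path: status} for hits."""
    report = {}
    for path in Path(root).rglob("*"):
        try:
            if path.is_file():
                status = classify(path.read_bytes())  # whole-file read: fine for a spot check
                if status != "absent":
                    report[str(path)] = status
        except OSError:
            continue  # unreadable file: skip rather than abort the audit
    return report


if __name__ == "__main__":
    for name, status in sorted(scan(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        print(f"{status:9} {name}")
```

Because the match is a string heuristic, treat an `outdated` or `unknown` result as a prompt to confirm the bundled SQLite version with the application's vendor rather than as proof.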