Security researchers just discovered a security flaw residing in the popular SQLite database engine. The vulnerability hasn’t been given a CVE identifier yet but is dubbed Magelan. It affects thousands of desktop and mobile applications, including IoT devices, desktop software, web browsers, and mobile apps (both Android and iOS).
Magellan SQL Vulnerability Technical Overview
Magellan is described as a remote code execution vulnerability. It was discovered by Tencent Blade Team. The flaw exists in SQLite. As a well-known database, SQLite is widely used in all modern mainstream operating systems and software, so this vulnerability has a wide range of influence. After testing the bug, Chromium was also found to be affected, and Google has confirmed and fixed this vulnerability, the researchers said.
No specific details were revealed about the vulnerability, and the researchers are “pushing other vendors to fix this vulnerability as soon as possible”.
However, it is known that the vulnerability could allow an attacker to run malicious code on the compromised system. Other outcomes of successful exploit include program memory leak and program crashes.
Thе vulnerability can be triggered remotely, for example by accessing a particular web page in a browser. Devices and software that use SQLite or Chromium are affected, the researchers said. It should be noted that Mozilla Firefox and Microsoft Edge don’t support this API but Chromium does, meaning that Chromium-based browsers such as Chrome, Vivaldi, Opera, and Brave are all affected.
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: