Security researchers just discovered a security flaw residing in the popular SQLite database engine. The vulnerability hasn’t been given a CVE identifier yet but is dubbed Magellan. It affects thousands of desktop and mobile applications, including IoT devices, desktop software, web browsers, and mobile apps (both Android and iOS).
Magellan SQL Vulnerability Technical Overview
Magellan is described as a remote code execution vulnerability. It was discovered by Tencent Blade Team. The flaw exists in SQLite. As a well-known database, SQLite is widely used in all modern mainstream operating systems and software, so this vulnerability has a wide impact. Testing of the bug showed that Chromium is also affected, and Google has confirmed and fixed this vulnerability, the researchers said.
No specific details were revealed about the vulnerability, and the researchers are “pushing other vendors to fix this vulnerability as soon as possible”.
However, it is known that the vulnerability could allow an attacker to run malicious code on the compromised system. Other outcomes of successful exploitation include program memory leaks and program crashes.
The vulnerability can be triggered remotely, for example by accessing a particular web page in a browser. Devices and software that use SQLite or Chromium are affected, the researchers said. It should be noted that Mozilla Firefox and Microsoft Edge don’t support this API but Chromium does, meaning that Chromium-based browsers such as Chrome, Vivaldi, Opera, and Brave are all affected.