Security researchers have just discovered a security flaw residing in the popular SQLite database engine. The vulnerability has not been given a CVE identifier yet, but it has been dubbed Magellan. It affects thousands of desktop and mobile applications and devices, including IoT devices, desktop software, web browsers, and mobile apps (both Android and iOS).
Magellan SQL Vulnerability Technical Overview
Magellan is described as a remote code execution vulnerability. It was discovered by Tencent Blade Team. The flaw exists in SQLite. As a well-known database, SQLite is widely used in all modern mainstream operating systems and software, so this vulnerability has a wide range of influence. After testing the bug, Chromium was also found to be affected, and Google has confirmed and fixed this vulnerability, the researchers said.
No specific details were revealed about the vulnerability, and the researchers are “pushing other vendors to fix this vulnerability as soon as possible”.
However, it is known that the vulnerability could allow an attacker to run malicious code on the compromised system. Other outcomes of a successful exploit include program memory leaks and program crashes.
The vulnerability can be triggered remotely, for example by accessing a particular web page in a browser. Devices and software that use SQLite or Chromium are affected, the researchers said. It should be noted that Mozilla Firefox and Microsoft Edge don't support this API but Chromium does, meaning that Chromium-based browsers such as Chrome, Vivaldi, Opera, and Brave are all affected.