Critical bug found in popular database management system
A vulnerability in the SQLite database management system could lead to remote code execution (RCE), researchers have confirmed, as vendors are urged to patch against it.
The flaw – dubbed ‘Magellan’ – was discovered by Tencent’s Blade security team and detailed in a recent blog post.
It can be triggered simply by accessing a malicious web page, the team confirmed, and can lead to RCE, the leaking of program memory, and program crashes.
SQLite is a popular database used by a number of leading operating systems, software programs, and browsers including Google’s Chromium.
The Blade team revealed it had successfully exploited Google Home using the vulnerability, though Google has now fixed the bug.
SQLite is also used by Adobe, Apple, Android, Dropbox, and Microsoft.
Magellan has not yet been exploited in the wild, though if you are using an OS or software which uses SQLite, it’s highly recommended that you update to the latest version.
SQLite released an update in version 3.26.0. Chromium users should update to version 71.0.3578.80.