Critical SQLite Flaw Dubbed Magellan Allows Remote Code Execution

cyber security professional
  • Security researchers discovered a critical flaw in the SQLite database allowing allows remote attackers to execute arbitrary codes.
  • The flaw dubbed Magellan was discovered by security researchers at Tencent Blade Team.
  • The flaw also can cause programs to crash and Leaking program memory.
  • Technical details and proof-of-concept exploit code were not disclosed by researchers since a lot of applications are yet to release patches

Security researchers have discovered a critical flaw in SQLite database software dubbed Magellan.

The flaw allows remote attackers to execute arbitrary codes on the affected system and also can cause programs to crash and leaking program memory.

The remote code execution vulnerability was discovered by security researchers at Tencent Blade Team exposing millions of application vulnerable to attackers

“Magellan is a remote code execution vulnerability discovered by Tencent Blade Team that exists in SQLite. As a well-known database, SQLite is widely used in all modern mainstream operating systems and software, so this vulnerability has a wide range of influence.”

The flaw impacts any systems that use SQLite or Chromium. According to researchers Google has confirmed Chromium was affected by the vulnerability and also fixed the issue.

The vulnerability can be triggered remotely by tricking users to visit a specially crafted webpage.

Researchers said they have successfully developed proof-of-concept and exploited Google Home with this vulnerability.

Researchers also said they have no plans to disclose technical details and proof-of-concept exploit code to the public since most of the applications are yet to release patches.

Google has fixed the issue in Chromium version 71.0.3578.80 and SQLite has also released updated version 3.26.0 to patch the issue.

Researchers said they did not find any evidence of Magellan been abused in the wild. Users are advised to update their device and software as soon update is available

For the latest cyber threats and the latest hacking news please follow us on FacebookLinkedin and Twitter.

You may be interested in reading:New Variants of Shamoon Disk-Wiping Malware Uploaded to VirusTotal

 

Comments

Please rate this content