
Magellan RCE flaw in SQLite potentially affects billions of apps


Security experts at Tencent’s Blade security team discovered the Magellan RCE flaw in SQLite database software that exposes billions of vulnerable apps.

The critical vulnerability, tracked as ‘Magellan’, could allow remote attackers to execute arbitrary code on vulnerable devices, leak program memory, or cause a denial-of-service condition by crashing the affected application.

“Magellan is a remote code execution vulnerability discovered by Tencent Blade Team that exists in SQLite. As a well-known database, SQLite is widely used in all modern mainstream operating systems and software, so this vulnerability has a wide range of influence.” reads a blog post published by the Tencent Blade Team.

SQLite is a widely adopted relational database management system contained in a C programming library. Unlike many other database management systems, SQLite is not a client–server database engine. Rather, it is embedded into the end program.

SQLite is used by millions of applications with billions of installs, so Magellan potentially affects IoT devices as well as macOS and Windows apps.

The experts also tested Chromium and found that it was affected too; Google has confirmed and fixed the issue.

Chromium-based web browsers such as Google Chrome, Opera, Vivaldi, and Brave also expose SQLite through the deprecated Web SQL database API.

Experts warn that a remote attacker could easily target people using vulnerable browsers by tricking them into visiting a specially crafted web page.

“After testing Chromium was also affected by this vulnerability, Google has confirmed and fixed this vulnerability. We will not disclose any details of the vulnerability at this time, and we are pushing other vendors to fix this vulnerability as soon as possible.” continues the post.

SQLite version 3.26.0 addresses the Magellan flaw. Google released Chromium version 71.0.3578.80 to fix the issue, and the patched version has been rolled out in the latest releases of the Google Chrome and Brave web browsers.

The Tencent experts said they successfully built a proof-of-concept exploit for the Magellan flaw that worked against Google Home.

The experts did not disclose the exploit, to give development teams time to patch the affected applications. The good news is that no attacks abusing the Magellan flaw have been observed yet.

Users and administrators should update their systems and vulnerable applications as soon as possible.
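Because SQLite is embedded into each program rather than installed as a shared server, every application ships its own copy of the library, so patch status has to be checked application by application, not once per system. The following example is added here and is not code from the article or from Tencent Blade Team; it shows one way to do that check from Python. It reads the SQLite library version the interpreter is linked against (via `sqlite3.sqlite_version` and via the `sqlite_version()` SQL function, which also works against any embedded database you can run a query on) and compares it numerically against the 3.26.0 fix version named above. The `MIN_FIXED_VERSION` constant, the function names and the sample inventory are assumptions constructed for the example.

```python
import sqlite3

# SQLite release that addresses Magellan, as stated in the article.
MIN_FIXED_VERSION = "3.26.0"


def parse_version(version: str) -> tuple:
    """Turn '3.26.0' into (3, 26, 0) for numeric comparison.

    A plain string comparison gets this wrong: '3.9.2' sorts after '3.26.0'
    as text, but 3.9.2 is an older, unpatched release.
    """
    parts = []
    for piece in version.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    # Pad to three components so '3.26' compares equal to '3.26.0'.
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_patched(version: str, fixed: str = MIN_FIXED_VERSION) -> bool:
    """True if the given SQLite version is at or past the fix release."""
    return parse_version(version) >= parse_version(fixed)


def sql_reported_version() -> str:
    """Ask the engine itself for its version through SQL.

    Useful when you can only reach an embedded SQLite through a query
    interface and cannot inspect the linked library directly.
    """
    conn = sqlite3.connect(":memory:")
    try:
        (ver,) = conn.execute("SELECT sqlite_version()").fetchone()
    finally:
        conn.close()
    return ver


def check_runtime() -> dict:
    """Report the SQLite library compiled into this Python interpreter."""
    linked = sqlite3.sqlite_version          # C library version, not the module version
    queried = sql_reported_version()
    return {
        "sqlite_version": linked,
        "sql_reports_same_version": linked == queried,
        "patched_for_magellan": is_patched(linked),
    }


def audit_inventory(inventory: dict) -> list:
    """Given {app_name: bundled_sqlite_version}, e.g. from a software
    inventory export, return the apps still shipping a pre-3.26.0 SQLite."""
    return sorted(app for app, ver in inventory.items() if not is_patched(ver))


if __name__ == "__main__":
    print(check_runtime())
    # Constructed sample inventory (hypothetical app names and versions), not real data.
    sample = {
        "photo-app": "3.24.0",
        "notes-app": "3.26.0",
        "browser-helper": "3.9.2",
        "cache-service": "3.27.1",
    }
    print("needs update:", audit_inventory(sample))
```

The interpreter check covers only Python itself; the inventory function is where the real work is, since each bundled copy of SQLite in a browser, desktop app or IoT firmware image has to be enumerated and compared the same way.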


Pierluigi Paganini

(Security Affairs –Magellan flaw, hacking)
