New Magellan 2.0 SQLite vulnerabilities affect many programs
-
New vulnerabilities in the SQLite database engine affect a wide range of applications that utilize it as a component within their software packages.
The attacks are coming from inside the database!
-
New vulnerabilities in the SQLite database engine affect a wide range of applications that utilize it as a component within their software packages.
The attacks are coming from inside the database!
I've read up on Magellan and now this and I have yet to see ANY explanation of how these can be used to execute code. In every explanation, code is already being executed in a Chrome container. SQLite is forced to crash that container and then magic happens. (Every article seems to simply repeat Tencent's claims verbatim. Moreover, this is very specific to Chromium; if your app allows SQL injection, you have way more problems to worry about, but even then it doesn't result in the App magically executing actual foreign code.)
-
I've read up on Magellan and now this and I have yet to see ANY explanation of how these can be used to execute code. In every explanation, code is already being executed in a Chrome container. SQLite is forced to crash that container and then magic happens. (Every article seems to simply repeat Tencent's claims verbatim. Moreover, this is very specific to Chromium; if your app allows SQL injection, you have way more problems to worry about, but even then it doesn't result in the App magically executing actual foreign code.)
Plus, I think it’s fixed in Chrome, and the likelihood of someone even trying the overflow in something else is pretty unlikely. I agree that “the holes you make are bigger than the holes the press warns about “ (I really need to work on that bumper sticker aphorism. Not “sexy” enough yet.
TTFN - Kent