SQLite Database Vulnerable

By

Billions of systems are affected.

The Tencent Blade security team has discovered a vulnerability in the immensely popular open source SQLite database engine. Tencent is one of the three Chinese giants known as BAT (Baidu, Alibaba, and Tencent).

“This vulnerability can be triggered remotely, such as accessing a particular web page in a browser, or any scenario that can execute SQL statements,” said a Tencent blog post.

Because SQLite is one of the most widely used databases, touching all modern applications, this vulnerability affects a wide range of the user base.

According to ZDNet, “Firefox and Edge don't support this API, but the Chromium open-source browser engine does. This means that Chromium-based browsers like Google Chrome, Vivaldi, Opera, and Brave, are all affected.” That said, Firefox is affected because it comes with a locally accessible SQLite database, allowing it to be exploited locally, but not remotely.

12/18/2018
comments powered by Disqus