- Joined
- Mar 3, 2018
- Messages
- 1,713
The security team of the Chinese media conglomerate Tencent has allegedly found a vulnerability in SQLite. Dubbed "Magellan," the vulnerability would supposedly allow attackers to run unauthorized code remotely, leak program memory, or crash programs that use the software. SQLite is used as a component of Firefox and Chrome, among other things, and Tencent claims that the Chromium team has already pushed out a fix. However, Tencent's team chose not to disclose any disclose any details or upload a demonstration of the exploit yet.
Does this vulnerability have exploit code? Yes, we successfully exploited Google Home with this vulnerability, and we currently have no plans to disclose exploit code. What are the conditions for exploiting the vulnerability? This vulnerability can be triggered remotely, such as accessing a particular web page in a browser. Has "Magellan" been abused in the wild? We have not seen the case yet.
Does this vulnerability have exploit code? Yes, we successfully exploited Google Home with this vulnerability, and we currently have no plans to disclose exploit code. What are the conditions for exploiting the vulnerability? This vulnerability can be triggered remotely, such as accessing a particular web page in a browser. Has "Magellan" been abused in the wild? We have not seen the case yet.