Tencent Allegedly Finds a SQLite Bug

Discussion in 'HardForum Tech News' started by AlphaAtlas, Dec 17, 2018.

  1. AlphaAtlas

    AlphaAtlas [H]ard|Gawd Staff Member

    The security team of the Chinese media conglomerate Tencent has allegedly found a vulnerability in SQLite. Dubbed "Magellan," the vulnerability would supposedly allow attackers to run unauthorized code remotely, leak program memory, or crash programs that use the software. SQLite is used as a component of Firefox and Chrome, among other things, and Tencent claims that the Chromium team has already pushed out a fix. However, Tencent's team chose not to disclose any details or upload a demonstration of the exploit yet.

    Does this vulnerability have exploit code? Yes, we successfully exploited Google Home with this vulnerability, and we currently have no plans to disclose exploit code.

    What are the conditions for exploiting the vulnerability? This vulnerability can be triggered remotely, such as accessing a particular web page in a browser.

    Has "Magellan" been abused in the wild? We have not seen the case yet.
     
  2. bobdabilder

    bobdabilder Limp Gawd

    If true, this is quite impactful.
     
  3. oROEchimaru

    oROEchimaru [H]ardness Supreme

    Seems kind of powerful from a Chinese firm to do this from a nation that does state sponsored hacking. I wonder if it was a message to China or the USA?
     
  4. Nobu

    Nobu 2[H]4U

    Wow, responsible disclosure? Haven't seen that in a while...well, not in the news anyway.
     
  5. whatevs

    whatevs Limp Gawd

    Maybe just too jaded, but just a PR move about something after they found out the competition started using it too.

    Trying to not go Huawei's route, as their apps are expected to steal everything on parents' phone/network as payment for "free game".

    Just sleight of hand with Huawei from their government, the real meat and bones of siphoning real time information of targets is through the children.
     
  6. toast0

    toast0 Gawd

    I think Tencent's security team is a PR move to compete with Google for mindshare, but they've been releasing good findings, which is what we want from a security team.