Tencent Allegedly Finds a SQLite Bug

[AlphaAtlas]

The security team of the Chinese media conglomerate Tencent has allegedly found a vulnerability in SQLite. Dubbed "Magellan," the vulnerability would supposedly allow attackers to run unauthorized code remotely, leak program memory, or crash programs that use the software. SQLite is used as a component of Firefox and Chrome, among other things, and Tencent claims that the Chromium team has already pushed out a fix. However, Tencent's team chose not to disclose any disclose any details or upload a demonstration of the exploit yet.

Does this vulnerability have exploit code? Yes, we successfully exploited Google Home with this vulnerability, and we currently have no plans to disclose exploit code. What are the conditions for exploiting the vulnerability? This vulnerability can be triggered remotely, such as accessing a particular web page in a browser. Has "Magellan" been abused in the wild? We have not seen the case yet.

 

[bobdabilder]

If true, this is quite impactful.

 

[oROEchimaru]

seems kind of powerful from a chinese firm to do this from a nation that does spate sponsored hacking. i wonder if it was a message to china or the usa?

 

[Nobu]

Wow, responsible disclosure? Haven't seen that in a while...well, not in the news anyway.

 

[whatevs]

Maybe just too jaded, but just a PR move about something after they found out the competition started using it too.

Trying to not go Huawei's route, as their apps are expected to steal everything on parents phone/network as payment for "free game".

Just sleight of hand with Huawei from their government, the real meat and bones of siphoning real time information of targets is through the children.

 

[toast0]

Maybe just too jaded, but just a PR move about something after they found out the competition started using it too.

I think Tencent's security team is a PR move to compete with Google for mindshare, but they've been releasing good findings, which is what we want from a security team.