Check Point researchers have developed a new attack technique that takes advantage of memory safety issues in the widely used SQLite database engine. It allows attackers to execute commands in applications that rely on the engine for data storage.
The discovered flaws represent a very serious threat because SQLite is everywhere. It is used by Windows 10, Mac, Android and iOS devices and is embedded in popular browsers and applications like Skype, iTunes, Dropbox, as well as in various Internet-of-things devices. According to Omer Gull of Check Point, the research makes it apparent that “defenders should now take into consideration the fact that simply querying a database might have disastrous consequences and act accordingly,” because “attackers can now leverage the use of SQLite database for their own malicious intent.”
Read more: Researchers Show How SQLite Can Be Modified to Attack Apps