Tencent Allegedly Finds a SQLite Bug

AlphaAtlas

[H]ard|Gawd
Staff member
Joined
Mar 3, 2018
Messages
1,713
The security team of the Chinese media conglomerate Tencent has allegedly found a vulnerability in SQLite. Dubbed "Magellan," the vulnerability would supposedly allow attackers to run unauthorized code remotely, leak program memory, or crash programs that use the software. SQLite is used as a component of Firefox and Chrome, among other things, and Tencent claims that the Chromium team has already pushed out a fix. However, Tencent's team chose not to disclose any details or upload a demonstration of the exploit yet.

Does this vulnerability have exploit code? Yes, we successfully exploited Google Home with this vulnerability, and we currently have no plans to disclose exploit code. What are the conditions for exploiting the vulnerability? This vulnerability can be triggered remotely, such as accessing a particular web page in a browser. Has "Magellan" been abused in the wild? We have not seen the case yet.
 

oROEchimaru

Supreme [H]ardness
Joined
Jun 1, 2004
Messages
4,662
Seems kind of powerful from a Chinese firm to do this from a nation that does state-sponsored hacking. I wonder if it was a message to China or the USA?
 

Nobu

[H]F Junkie
Joined
Jun 7, 2007
Messages
8,541
Wow, responsible disclosure? Haven't seen that in a while...well, not in the news anyway.
 

whatevs

Limp Gawd
Joined
Jun 23, 2017
Messages
199
Maybe just too jaded, but just a PR move about something after they found out the competition started using it too.

Trying to not go Huawei's route, as their apps are expected to steal everything on parents' phone/network as payment for "free game".

Just sleight of hand with Huawei from their government, the real meat and bones of siphoning real time information of targets is through the children.
 

toast0

[H]ard|Gawd
Joined
Jan 26, 2010
Messages
1,894
Maybe just too jaded, but just a PR move about something after they found out the competition started using it too.

I think Tencent's security team is a PR move to compete with Google for mindshare, but they've been releasing good findings, which is what we want from a security team.
 