SQLite is an in-process library that implements a self-contained, serverless, zero-configuration and transactional database engine. It is also an open-source system which means it is free to use and easily manipulated by the developer that is using it. SQLite is also one of the most widely used database engines with such as Google Chrome, Mozilla Firefox, Windows 10 and a multitude of other well-known programs. Tencent Blade Team (TBT) has been disclosing vulnerabilities in this system for over a year and has released a new report which outlines the latest flaws. Some of the flaws would allow an attacker to execute remote code and cause program crashes. TBT stated in their advisory: “If you are using a software that is using SQLite as component (without the latest patch, which is 13 Dec 2019), and it supports external SQL queries. Or, you are using Chrome that is before 79.0.3945.79 with WebSQL enabled, you may be affected. Other devices such as PC/Mobile devices/IoT devices may also be affected, depends on if there’s a proper attack surface.”
Watch the Video
How does Binary Defense help protect your organization? With best in breed cybersecurity tactics, techniques, and services, we make sure that your environment is secure against the most advanced attacks.