"The new attack techniques exploit memory-corruption issues in the SQLite engine itself — leading to a host of new hacks, including code execution on an iOS device" Memory corruption is NOT a new technique, at all. A new technique wouldn't be specific to one database either.https://twitter.com/threatpost/status/1160299070155624448 …
-
Show this thread
-
"SQLite is one of the most deployed software in the world. However, from a security perspective, it has only been examined through the lens of WebSQL and browser exploitation,” said Omer Gull, vulnerability researcher at Check Point," This is factually incorrect. Vuln tourist.
1 reply 1 retweet 2 likesShow this thread -
“We can gain administrative control of the device through the database engine that OS uses (SQLite)… " What part of this doesn't scream "implementation issue"?
1 reply 1 retweet 6 likesShow this thread -
“Any code, web or native, querying an attacker-controlled database might be in danger,” the researcher said. Uh, if the attacker controls your *database*? Seriously? Is this shit journalism, or shit research
@threatpost?2 replies 2 retweets 5 likesShow this thread
Huh, even that video raises more questions than it answers...
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.