Our team's security researcher @leonwxqian discovered a SQLite remote code execution vulnerability. This vulnerability can be triggered remotely by accessing a web page, affecting all software that uses Chromium or SQLite. Details can be found at https://blade.tencent.com/magellan/index_en.html ….
-
-
Seems that way to me too. But this contradicts Tencent's claim that *all* apps using SQLite are affected.
-
All apps using SQLite would technically *contain* the vulnerability. But if there's no attack vector to allow an attacker to perform the queries, then there's no way for an attacker to reach the vulnerability.
- 2 more replies
New conversation -
-
-
For example, here's the crash in sqlite itself. I'd imagine that any app that allows such queries to make their way to sqlite would be affected.pic.twitter.com/XPY7uEE8CK
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.