13 August 19, 12:23
Quote:Researchers have uncovered some potentially serious SQLite vulnerabilities and they have demonstrated their findings by hacking an iPhone and a command and control (C&C) server used by malware.
SQLite is a small, fast and full-featured database management system contained in a C library. SQLite is widely used and it can be found by default in many mobile and desktop operating systems, including Windows 10, macOS, iOS, Android, BlackBerry 10 OS, Oracle Solaris 10, FreeBSD, and LG webOS. It’s also used by popular web browsers such as Chrome, Firefox and Safari.
Researchers at cybersecurity firm Check Point started investigating SQLite after noticing that some pieces of malware steal passwords from compromised machines by collecting the SQLite database files used by the targeted apps to store passwords. The database files are uploaded to the C&C server and parsed using PHP so that their content can be transferred to a central database where the attackers store all collected passwords.
Check Point’s investigation revealed the existence of several vulnerabilities that allow an attacker to execute arbitrary code by getting an application using SQLite to query a specially crafted database.
Read more here: https://www.securityweek.com/sqlite-vuln...malware-cc