ALERT: SQLite database Remote Code Execution Vulnerability


SQLite is a cross-platform relational database management system. It is known to be the most used database engine in the world. The vendor claims billions of deployments of SQLite across applications such as Skype, Firefox, Chrome and Safari. At DEF CON 27, researchers showcased how the SQL language can be used to exploit memory corruption issues within SQLite. To prevent such exploitation, a good vulnerability management tool can be helpful.

A remote code execution vulnerability was discovered in SQLite by Check Point researchers. A vulnerability scanning tool can detect this vulnerability. The researchers used Query Hijacking and Query Oriented Programming to exploit the memory corruption vulnerabilities in SQLite. The SQLite vulnerability exists because third-party applications read data from the SQLite database in an insecure manner. A typical exploit scenario could include an attacker storing malicious code in the database. When an application tries to access data from this database, the malicious code gets executed. It is also worth noting that an attacker needs filesystem access permissions to modify the contents of the SQLite database file. Using a patch management tool can be helpful.
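A defensive check for the scenario described above, as an added example that is not from the original post or the researchers: before an application reads a SQLite file that other parties can write to, compare the file's schema against an allowlist and flag views and triggers, which store SQL that runs when the application queries the file. The allowlist, the table and index names and both helper functions are assumptions made for illustration.

```python
import sqlite3
import tempfile
from pathlib import Path

# Assumed allowlist for a hypothetical contacts app (not from the original page).
EXPECTED = {("table", "contacts"), ("index", "idx_contacts_name")}

def audit_schema(db_path, expected=EXPECTED):
    """Return (reason, type, name) findings for objects outside the allowlist."""
    # Open read-only so the audit can never create or modify the file.
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"
    try:
        conn = sqlite3.connect(uri, uri=True)
        try:
            rows = conn.execute("SELECT type, name FROM sqlite_master").fetchall()
        finally:
            conn.close()
    except sqlite3.Error as exc:
        return [("unreadable", "file", str(exc))]
    findings, seen = [], set()
    for obj_type, name in rows:
        seen.add((obj_type, name))
        if obj_type in ("view", "trigger"):
            # Views and triggers carry SQL that runs when the app queries the file.
            findings.append(("executable-object", obj_type, name))
        elif (obj_type, name) not in expected and not name.startswith("sqlite_"):
            findings.append(("unexpected", obj_type, name))
    findings += [("missing", t, n) for t, n in sorted(expected - seen)]
    return findings

def build_sample(path, tampered):
    """Create a constructed sample database; tampered=True swaps the table for a view."""
    conn = sqlite3.connect(path)
    real = "contacts_real" if tampered else "contacts"
    conn.execute(f"CREATE TABLE {real} (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute(f"CREATE INDEX idx_contacts_name ON {real}(name)")
    if tampered:
        conn.execute("CREATE VIEW contacts AS SELECT id, name FROM contacts_real")
    conn.commit()
    conn.close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for tampered in (False, True):
            db = str(Path(tmp) / f"sample_{tampered}.db")
            build_sample(db, tampered)
            print(tampered, audit_schema(db))
```

An application would refuse to query any file for which `audit_schema` returns a non-empty list.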

The SQLite vulnerability does not spare the oh-so-secure Apple devices either. The researchers demonstrated how a simple and standard application like Apple iOS Contacts could run malicious code on the device using a four-year-old unpatched bug (CVE-2015-7036) in Apple iOS. Apple considered this bug unimportant because it could only be triggered by an untrusted application executing arbitrary SQL commands, and it was considered trivial because Apple does not run unknown applications. However, the researchers proved that a trusted application could also use this flaw to execute arbitrary code.

Apple received reports of these vulnerabilities and issued a fix for them in the May 2019 updates with the release of macOS Mojave 10.14.5, iOS 12.3, tvOS 12.3, iCloud, iTunes and watchOS 5.2.1. These vulnerabilities are:

  • CVE-2019-8598 – Information Disclosure Vulnerability
  • CVE-2019-8602 – Elevation of Privilege Vulnerability
  • CVE-2019-8577 – Elevation of Privilege Vulnerability

The advice is to install the updates from Apple (if not already applied), while the other vendors research and fix the vulnerabilities.


Affected Products:

Platforms using SQLite are prone to this Remote Code Execution Vulnerability. Since many applications use SQLite, this could be a starting point for various vulnerabilities in various applications. Similar vulnerabilities could be present in other SQL engines too.


Impact:

An attacker who has access to the filesystem can inject malicious code into the SQLite database files. When an application attempts to read data from this file, it executes the malicious code.


Solution:

Apple released updates in May 2019 to address these vulnerabilities. We will inform you about updates as and when other vendors release them.