
SQLite Bug Affects Billions of App Installations Worldwide

SQLite is the most popular database based on the number of installed copies on PCs and mobile devices.  The bug, named Magellan, was discovered by the Tencent Blade security team, part of the Chinese mega holding company Tencent.

The bug can allow a hacker to run arbitrary code, leak data or crash programs, depending on the situation.

The bug can be exploited remotely just by getting a person to visit an infected web page.

All Chromium browsers – Chrome, Vivaldi, Opera and Brave – are affected. Now that Microsoft says it is rewriting Edge to use Chromium, Edge too will be impacted by similar bugs in the future.

In addition, thousands of applications representing billions of deployments across many platforms – Windows, Mac, Android, iOS and Linux – all use SQLite.

To make matters worse, many IoT devices use SQLite.

For Chrome users, Google has released a fix for the bug.  Since Chrome generally updates itself, Chrome users should be OK.

For users of IoT devices and of the thousands of unique applications that use the affected versions of SQLite, the developers will need to update their apps, and then the users will need to install the updated versions.

For the most part, users will not know which applications are affected.

Worse yet, many phone apps are not supported at all and will never be fixed, leaving those phones potentially exposed forever.

For businesses, IT organizations need to scope out the magnitude of the problem.

Some information for this alert came from ZDNet.