{"vulnerability": "CVE-2019-8577", "sightings": [{"uuid": "a2e49761-f5d6-4c02-a1a7-7ffccced1057", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-8577", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/4264", "content": "line functionality.\n\n\n\n\n\nSQLite Security Vulnerabilities\n\n\n\n\nOne of the most intriguing vulnerabilities demonstrated was the potential for SQLite databases to be exploited by threat actors as an attack vector to execute malicious code in other applications.\n\n\n\n\n\u201cWe discovered that simply querying a malicious SQLite database can lead to Remote Code Execution. We leveraged undocumented SQLite3 behavior and memory corruption vulnerabilities to exploit the assumption that querying a database is safe,\u201d explained Omer Gull, a security researcher at Check Point. \u201cWe created a rogue SQLite database that exploits the software used to open it.\u201d\n\n\n\n\nThe study conducted by the researchers demonstrated how to exploit memory corruption issues in SQLite using only the SQL language. The experts developed techniques such as Query Hijacking and Query-Oriented Programming to trigger these issues within the SQLite engine. Gull showcased a couple of real-world scenarios: in one, he hacked the command-and-control (C2) server of a password stealer, and in another, he demonstrated how to achieve persistent iOS access with elevated privileges.\n\n\n\n\nThe attack technique leverages vulnerabilities in the process third-party apps use to read data from SQLite databases. The researchers were able to store malicious code within an SQLite database used by third-party applications. Once these applications accessed the database, the malicious code was executed.\n\n\n\n\nAt DEF CON, the researchers demonstrated how SQLite databases could be used to execute malware when accessed by iMessage. 
An attacker could replace or modify the \u201cAddressBook.sqlitedb\u201d file, injecting malware into an iPhone\u2019s address book. When iMessage queries this SQLite file, it would trigger the execution of the malicious code, allowing the malware to gain persistence on the device.\n\n\n\n\n\u201cFurthermore, the contacts database is shared among many processes, including Contacts, FaceTime, Springboard, WhatsApp, Telegram, and XPCProxy. Some of these processes are more privileged than others,\u201d reads the analysis published by Check Point. \u201cOnce we proved that we could execute code within the context of the querying process, this technique also allowed us to expand and elevate our privileges.\u201d\n\n\n\n\nExperts reported their findings to Apple, and the issues were assigned the following CVEs:\n\n* \nCVE-2019-8600\n\n* \nCVE-2019-8598\n\n* \nCVE-2019-8602\n\n* \nCVE-2019-8577\n\n\n\n\n\nSecurity researchers believe this is just the beginning of exploring SQLite's exploitation potential. The techniques developed are not exclusive to SQLite and could potentially be adapted to other SQL engines, opening up new avenues for both attack and defense in the cybersecurity landscape.\n\n\n\n\nSummary\n\n\n\n\nThe cat-and-mouse game between attackers and defenders continues to evolve, with SQLite as just one of many battlegrounds. 
As technology continues to evolve, SQLite's role in the digital landscape is likely to grow, making it an essential subject of study for anyone involved in cybersecurity.", "creation_timestamp": "2024-09-19T03:49:57.000000Z"}, {"uuid": "4d6427bf-3e5a-46b2-b935-93297219da05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-8577", "type": "seen", "source": "https://t.me/androidMalware/379", "content": "Now available SQLite vulnerabilities affecting iOS 12.3/macOS Mojave 10.14.5\n\nCVE-2019-8598: https://cpr-zero.checkpoint.com/vulns/cprid-2118/\nCVE-2019-8577: https://cpr-zero.checkpoint.com/vulns/cprid-2119/\nCVE-2019-8600: https://cpr-zero.checkpoint.com/vulns/cprid-2120/\nCVE-2019-8602: https://cpr-zero.checkpoint.com/vulns/cprid-2121/", "creation_timestamp": "2019-09-16T12:07:43.000000Z"}]}