silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,151
SQLite databases can be modified in such a way that they execute malicious code inside other apps that rely on them to store data, security researchers have revealed.
In demos presented at the DEF CON security conference in Las Vegas today, Check Point security researcher Omer Gull showed demos of a tainted SQLite database hijacking the command and control server of a malware operation, and malware using SQLite to achieve persistence on iOS devices.
The idea is that vulnerabilities in how third-party apps read data from SQLite databases allows a third-party to hide malicious code in the SQLite database's data. When the third-party app, such as iMessage, reads the tainted SQLite database, it also inadvertantly executes the hidden code.
Clever attack uses SQLite databases to hack other apps, malware servers
Tainted SQLite database can run malicious code inside other apps, such as web apps or Apple's iMessage.
www.zdnet.com