Check Point researchers have demonstrated a flaw in SQLite by showing how it could be used on Apple iPhones.
Researchers at Check Point Software Technologies Ltd. have discovered a flaw in one of the most-deployed pieces of software in the world, one that undergirds the contacts list on Apple Inc. iPhones and plays an important role in nearly every popular computing platform.
The SQLite database engine is used in operating systems, desktops and mobile phones — including iOS and MacOS, Alphabet Inc.’s Chrome browser and Android operating system, Microsoft Corp.’s Windows 10, as well as Safari and Firefox web browsers. SQLite is also used in products from Dropbox Inc., Adobe Inc., and others.
As a proof of concept, the researchers say they were able to surreptitiously gain greater access to iOS privileges. “If successful, the intruder owns your iPhone” and the information on it, Omri Herscovici, the security research team leader at Check Point who authored the 82-page report, told MarketWatch in a phone briefing.
Check Point said it informed Apple in March and the company issued a patch in May.
MacDailyNews Take: Patched. At least by Apple. With any of those other operating systems, desktops and mobile phones, your mileage may, and very likely will, vary greatly.
If you haven’t updated your iPhone, iPad, and/or iPod touch software since May, do so ASAP.