Cybersecurity researchers have discovered a critical vulnerability in widely used SQLite database software that exposes billions of deployments to hackers.
Dubbed as ‘Magellan‘ by Tencent’s Blade security team, the newly discovered SQLite flaw could allow remote attackers to execute arbitrary or malicious code on affected devices, leak program memory or crash applications.
Since Chromium-based web browsers—including Google Chrome, Opera, Vivaldi, and Brave—also support SQLite through the deprecated Web SQL database API, a remote attacker can easily target users of affected browsers just by convincing them into visiting a specially crafted web-page.
Since SQLite is used by everybody including Adobe, Apple, Dropbox, Firefox, Android, Chrome, Microsoft and a bunch of other software, the Magellan vulnerability is a noteworthy issue, even if it’s not yet been exploited in the wild.
Users and administrators are highly recommended to update their systems and affected software versions to the latest release as soon as they become available.
https://thehackernews.com/2018/12/sqlite-vulnerability.html
The company recently started notifying affected users of a security bug that resides in a newly offered feature called “Download Your Data” that allows users to download a copy of their data shared on the social media platform, including photos, comments, posts, and other information that they have shared on the platform.
According to Instagram, the plain-text passwords for some users who had used the Download Your Data feature were included in the URL and also stored on Facebook’s servers due to a security bug that was discovered by the Instagram internal team.
The company said the stored data has been deleted from the servers owned by Facebook, Instagram’s parent company and the tool has now been updated to resolve the issue, which “affected a very small number of people.”
https://thehackernews.com/2018/11/instagram-password-hack.html