Attackers can modify the SQLite database and execute the malicious code inside the applications that store data in such databases. This was told by the Check Point experts at DEF CON in Las Vegas, as a proof of concept they used iMessage.
The researcher Omer Gal from Check Point demonstrated a malicious program that uses SQLite for rooting on iOS. Specialist also showed how to use SQLite database, you can gain control of the command center malicious operations (C&C).
In the event of an attack on iOS devices the idea is to use the vulnerabilities in the process of reading data from a SQLite database third-party applications. Holes allow malicious code to hide data in SQLite DB.
When such a third-party application — in this case, the iMessage — reads data from a compromised database, it at the same time the machine executes the hidden code.
During the demonstration at DEF CON Gal just used iMessage. As a result, the expert showed how an attacker could replace or edit the file AddressBook.sqlitedb to inject malicious code into iPhone address book.
When iMessage queries the SQLite file (which happens regularly at certain intervals), runs a malicious code that allows the malware to gain a foothold in the operating system.
To eliminate this attack vector, Apple released patches for vulnerabilities under the identifiers CVE-2019-8600, CVE-2019-8598, CVE-2019-8602, CVE-2019-857.
Read more •••