On the iPhone, the SQLite database vulnerability can be accessed thanks to a known bug in iOS’s Contacts app that has existed for four years now without a fix.

Researchers at security conference Def Con 2019 demonstrated a method of exploiting regular database searches to produce malicious results, and used Apple's standard iOS Contacts app to prove it.

Because SQLite is embedded in thousands of apps, the vulnerability impacts a wide range of software, from IoT devices to desktop software, and from web browsers to Android and iOS apps.

Researchers exploit a SQLite memory corruption issue outside of a browser. LAS VEGAS – Researchers at Check Point have identified a new class of vulnerabilities targeting SQLite, outside the ...