I have Android one device and it has latest November 2019 update installed. Installed Norton halt app and it showed positive for Magellan. But Google has already fixed this issue in march security update. They patched the sqlite 3.22 in framework. The original sqlite3 lib has this fix in 3.25.3.
Does halt app only check the sqlite version to detect this vulnerability?
Magellan may be a false positive on most phones then.
Looks can be deceiving. Remember that in an ideal world, a change in code for a Security app needs to work with every device in the world. So the actual code change may be somewhat simple, the testing phase takes a long time to get it right.
Also priorities need to be looked at. Not sure where a suggestion such as this would fit in with the developer's "to do list." Actual protection features are going to be higher priority than an improvement to the UI.
Plus, Norton will never give an ETA for a feature or fix, because they cannot foresee all glitches or bugs that get detected during the test phase. Better to just say it will be in a future update, than to promise a date, then not be able to deliver on that date.
Thank you. It looks simple feature, when can I expect it to be available in play?
Please forward this feature request to the developer team: After scan it should display a list of apps that are using the problematic sqlite.
Already did that when I asked my contacts for clarification on this issue.
Please forward this feature request to the developer team:
After scan it should display a list of apps that are using the problematic sqlite.
Just because Google has fixed the issue does not mean that all manufacturers or cell carriers have incorporated it in their latest available version of the Android OS.
Try asking your device's manufacturer, or your cell carrier, if they have addressed this issue in their OS updates.
Security update was for multiple vulnerabilities fixed by Google in march.
Here is the link to the bulletin of that update:
https://source.android.com/security/bulletin/2019-03-01
CVE-2018-20346 is Magellan. The fix is in platform.
The commit message says “Apply security patch to sqlite 3.22.
This patch fixes Magellan SQLite Security Vulnerability”
https://android.googlesource.com/platform/external/sqlite/+/18c26a364fe8979b5dbbd93a439c49b2db5d104c
So even if my device has sqlite 3.22, it should have the fix because Google patched its sqlite rather than upgrading to sqlite3.25.3. so if halt is just checking the version of sqlite then it’s shallow check. It is a false positive for many devices.
It does not look like halt is checking all apps when I tap check under Magellan. It hardly takes half a second to show results screen. And there is a separate button for scanning apps. That shows no issues.
Can you please check again?
Was this security update you refer to for the Android OS or just SQLite?
Looking at one reference to this vulnerability from blade.tencent.com, , in the Q&A section this is asked and answered.
Am I affected by the vulnerability?
If your application uses the FTS3 extension in SQLite below 3.25.3 and allows an attacker to run arbitrary SQL statements (either deliberately or by accident) then you could be vulnerable to the Magellan attack.
So reading this would indicate that all applications on your device that use an older SQLite version will still be vulnerable. It is not just the OS version. I'm no expert on app programming, but you would need to find a way to check all apps on your device to see if they have been updated to use the newer SQLite version.
Norton Halt scans the apps on your device to see if they are vulnerable. Unfortunately, it does not give specifics of which apps may be affected.