Security Architecture, Endpoint/Device Security, IoT, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Remote code execution flaw found in Google Home smart speaker

A remote code vulnerability called Magellan affecting devices using SQLite or Google’s Chromium-based browsers along with the Google Home smart speaker.

The flaw was uncovered by Tencent Security’s Blade Team and was reported and patched by Google. If left unpatched could lead to remote code execution, leaking program memory or it can cause program crashes. The vulnerability can be triggered remotely by accessing a particular web page, but the good news is there is no evidence of it being used in the wild.

The Tencent team does not intend to release the code and suggests those using either of the potentially affected systems to update to Chrome version 71.0.3578.80 and SQLite 3.26.0.

Related

Security concerns curb open source utilization

Open source software utilization has been scaled back by nearly 40% of industry professionals due to security concerns, with more than 50% reducing open source usage following the emergence of the widespread Log4j vulnerability, The Register reports.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.