On the iPhone, the SQLite database vulnerability can be accessed thanks to a known bug in iOS’s Contacts app that has existed for four years now without a fix.

Researchers at security conference Def Con 2019 demonstrated a method of exploiting regular database searches to produce malicious results, and used Apple's standard iOS Contacts app to prove it.

Clever SQLite attack lets hackers get iOS persistence The idea is that vulnerabilities in how third-party apps read data from SQLite databases allows a third-party to hide malicious code in the ...