On the iPhone, the SQLite database vulnerability can be accessed thanks to a known bug in iOS’s Contacts app that has existed for four years now without a fix.

Clever SQLite attack lets hackers get iOS persistence The idea is that vulnerabilities in how third-party apps read data from SQLite databases allows a third-party to hide malicious code in the ...

Researchers at security conference Def Con 2019 demonstrated a method of exploiting regular database searches to produce malicious results, and used Apple's standard iOS Contacts app to prove it.