Another Apple hack shown off over the weekend at Def Con 2019 involves iOS Contacts and a SQLite vulnerability. But it’s not something we need to worry about. Emphasis mine:
Documented In a 4,000-word report seen by AppleInsider, the company’s hack involved replacing one part of Apple’s Contacts app and it also relied on a known bug that has hasn’t been fixed four years after it was discovered…
They replaced a specific component of the Contacts app and found that while apps and any executable code has to have gone through Apple’s startup checks, an SQLite database is not executable.
Basically, it sounds like the bug is only available if you specifically remove a key component of Contacts.