Apple’s Shortcuts Vulnerability Exposed by Researchers

February 25, 2024


TLDR:

  • Researchers discovered a vulnerability in Apple’s Shortcuts app, posing a risk to user privacy.
  • CVE-2024-23204 exposes a critical flaw in sharing mechanisms, allowing malicious shortcuts to access sensitive data without user consent.

Researchers recently found a vulnerability, CVE-2024-23204, in Apple’s Shortcuts application, raising concerns about user privacy. Shortcuts is a powerful automation tool that allows users to create personalized workflows for tasks on macOS and iOS devices. The vulnerability primarily affects how Shortcuts handles permissions, allowing malicious shortcuts to access sensitive data without user consent. It carries a CVSS score of 7.5 (high severity).

The ‘Expand URL’ function within Shortcuts was found to be pivotal in bypassing security measures, potentially enabling attackers to gain unauthorized access to data or perform malicious actions on affected systems. To mitigate this risk, Apple has released updates across various devices, including macOS Sonoma 14.3, watchOS 10.3, iOS 17.3, and iPadOS 17.3, improving permissions checks.

Users are advised to update their devices to safeguard against potential exploits and exercise caution when importing shortcuts from unverified sources. The security community emphasizes the importance of scrutinizing shared shortcuts and adopting best practices for sharing and importing shortcuts. Apple’s advisory underlines the need for advanced security measures to counter evolving cyber threats within the Apple ecosystem.
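
A fleet check against the fixed releases listed above, as an added example that is not part of the original article: it compares version strings numerically and reports devices below macOS Sonoma 14.3, iOS 17.3, iPadOS 17.3 or watchOS 10.3. The inventory rows and host names are constructed, and the check assumes the releases named in the article are the only fixed ones.

```python
# Added example: flag devices still below the releases that fix CVE-2024-23204.
# Assumption: the releases named in the article are the only fixed ones, so a
# device on an older major version is reported as needing an update.

FIXED = {
    "macOS": (14, 3),
    "iOS": (17, 3),
    "iPadOS": (17, 3),
    "watchOS": (10, 3),
}


def parse_version(text):
    """Turn '17.2.1' into (17, 2, 1) so comparison is numeric, not lexical."""
    return tuple(int(part) for part in text.strip().split("."))


def is_patched(platform, version):
    """True if version >= fixed release, None if the platform is not listed."""
    fixed = FIXED.get(platform)
    if fixed is None:
        return None
    parsed = parse_version(version)
    # Pad both sides with zeros so '14.3' and '14.3.0' compare as equal.
    width = max(len(parsed), len(fixed))
    parsed += (0,) * (width - len(parsed))
    return parsed >= fixed + (0,) * (width - len(fixed))


def needs_update(inventory):
    """Return the (host, platform, version) rows below the fixed release."""
    return [row for row in inventory if is_patched(row[1], row[2]) is False]


# Constructed sample inventory (hypothetical host names).
SAMPLE_INVENTORY = [
    ("mac-design-01", "macOS", "14.2.1"),
    ("mac-build-02", "macOS", "14.3"),
    ("iphone-sales-07", "iOS", "17.3"),
    ("ipad-kiosk-03", "iPadOS", "16.7.4"),
    ("watch-exec-01", "watchOS", "10.3.1"),
]

if __name__ == "__main__":
    for host, platform, version in needs_update(SAMPLE_INVENTORY):
        fixed = ".".join(map(str, FIXED[platform]))
        print(f"{host}: {platform} {version} is below {fixed}")
```

Platforms missing from the table return `None` rather than a pass, so unknown device types are not silently treated as patched.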

