iOS 17.3 fixed a major vulnerability in Shortcuts

According to Bitdefender’s research, before the iOS 17.3 update a malicious shortcut could obtain private information, such as images, and forward it to an attacker. Shortcuts is built into iOS, iPadOS, and macOS and lets users build their own automations. Users can share shortcuts with one another by sending links, which means a harmful shortcut has the potential to spread widely.

According to Bitdefender’s research, which AppleInsider saw, an unsuspecting Shortcuts user could obtain a shortcut that targets a weakness in the Transparency, Consent, and Control (TCC) system, which is designed to shield users from identity theft. The vulnerability bypassed the TCC prompts that usually appear when an app or shortcut tries to access private data or system resources.

By using the “Expand URL” action, a malicious shortcut could get around TCC and send base64-encoded files, contacts, images, and clipboard contents to a website. An attacker’s Flask program would then capture and store the sent data for possible exploitation.

Users could have avoided this problem by inspecting any new shortcuts downloaded to their device. Even though every step is displayed within the shortcut, someone who doesn’t know where to look may not notice the malicious steps right away, especially because some shortcuts can have hundreds of actions. Apple identified the problem as CVE-2024-23204.
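The manual review described above can be partly automated. The following Python check is an added example, not code from Bitdefender, Apple, or AppleInsider: it scans a shortcut's action list, transcribed in order from the Shortcuts editor, for the pattern the article describes (a read of private data, then base64 encoding, then "Expand URL"). The action names other than "Expand URL" are assumptions, and the sample list is constructed.

```python
from dataclasses import dataclass

# Assumed display names for actions that read the data types named in the article
# (images, clipboard, contacts, files). Adjust to match what the editor shows.
SENSITIVE_SOURCES = {"select photos", "get clipboard", "find contacts", "get file"}
ENCODE_ACTION = "base64 encode"   # assumed display name
SINK_ACTION = "expand url"        # the action named in the article


@dataclass(frozen=True)
class Finding:
    source_step: int   # 1-based step that reads private data
    encode_step: int   # step that base64-encodes it
    sink_step: int     # step that hands a URL to "Expand URL"
    source: str        # action name as written in the list


def review_actions(actions):
    """Return one Finding per source -> encode -> Expand URL chain, in order."""
    findings = []
    source = None   # (step, name) of the most recent sensitive read
    encode = None   # step of a base64 encode seen after that read
    for step, raw in enumerate(actions, start=1):
        name = " ".join(raw.lower().split())   # ignore case and extra spaces
        if name in SENSITIVE_SOURCES:
            source, encode = (step, raw), None
        elif name == ENCODE_ACTION and source:
            encode = step
        elif name == SINK_ACTION and source and encode:
            findings.append(Finding(source[0], encode, step, source[1]))
            source = encode = None
    return findings


# Constructed sample: the suspicious steps sit between harmless-looking ones,
# as they might in a shortcut with hundreds of actions.
SAMPLE_ACTIONS = ["Comment", "Get Clipboard", "Set Variable",
                  "Base64 Encode", "Text", "Expand URL", "Show Result"]

if __name__ == "__main__":
    for f in review_actions(SAMPLE_ACTIONS):
        print(f"Review steps {f.source_step}-{f.sink_step}: '{f.source}' is "
              f"encoded at step {f.encode_step} and reaches Expand URL")
```

A match is a prompt to read those steps by hand, not proof of malice; a shortcut that uses "Expand URL" without first reading and encoding private data produces no finding.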

How can you protect against the Shortcuts vulnerability?

Updating is the simplest way to avoid the vulnerability. It was fixed with additional permission checks in the most recent operating systems. To fix the Shortcuts vulnerability, update to macOS Sonoma 14.3, iPadOS 17.3, or iOS 17.3. Bitdefender categorized the vulnerability as having a very high severity, with a CVSS score of 7.5 out of 10.