Categories: iOS

iOS 17.3 corrected a major vulnerability related to shortcuts

Prior to the iOS 17.3 update, Bitdefender’s study indicates that a malicious Shortcut may obtain private information, such as images, and forward it to a hacker. iOS, iPadOS, and macOS all come with built-in shortcuts that provide users access to building automation hooks. Users can exchange these shortcuts with one another by sending links between them, which has the potential to spread harmful shortcuts widely.

As per Bitdefender’s study, which AppleInsider saw, a gullible Shortcuts user would be able to access a Shortcut that targets a weakness in the Transparency, Consent, and Control (TCC) system, which is designed to shield users from identity theft. The vulnerability got around the TCC prompts that usually show up when an app or shortcut tries to access private data or system resources.

By using the “Expand URL” feature, a malicious shortcut might get around TCC and send base64-encoded files, contacts, images, and clipboard contents to a website. The sent data would be captured and stored for possible exploitation by an attacker’s Flask program.

This problem can have been averted by users who checked any new shortcuts that were downloaded to their device. Even though the actions’ steps are displayed within the Shortcut, someone who doesn’t know where to look may not notice them right once, especially because some Shortcuts can have hundreds of activities. Apple classified the problem as CVE-2024-23204.

How can you defend against the susceptibility of shortcuts?

Updating is the simplest way to prevent any issues with the vulnerability. The vulnerability was fixed with more permission checks in the most recent operating systems. To fix the Shortcuts vulnerability, update to macOS Sonoma 14.3, iPadOS 17.3, or iOS 17.3. With a CVSS score of 7.5 out of 10, Bitdefender categorized the vulnerability as having a very high severity.

Recent Posts

Google Health: A bug is currently really annoying Pixel Watch users

An annoying software error is currently plaguing many owners of the Google Pixel Watch. The…

2 hours ago

Pixel Watch 5: Leak shows the design of the new Google smartwatch in advance

After the new Google smartphones in the Pixel 11 series, official marketing images of the…

2 hours ago

Epson is in court: first lawsuit over planned obsolescence

A French consumer protection association is taking Epson to court. The accusation is of planned…

2 hours ago

EU brings Meta to its knees: ChatGPT is running again in WhatsApp chat

After a months-long exclusion by the Facebook group Meta, the well-known AI chatbot ChatGPT has…

2 hours ago

Good news for Windows 11: Microsoft is banning advertising from search

Microsoft is fundamentally redesigning the search in Windows 11. The operating system loses advertising, forced…

2 hours ago

iOS 27 public beta is here: Apple starts the test phase for all iPhone users

Interested users can now install the first public beta version of iOS 27 on their…

3 hours ago