High-Severity Vulnerability in Apple Products

Published on 29 Feb 2024

Apple has released security updates to address a high-severity vulnerability (CVE-2024-23204) affecting the Shortcuts app in its products.

The Apple Shortcuts app allows users to create automated sequences of actions, simplifying and streamlining tasks on iOS devices. Attackers can use malicious shortcuts to bypass the device's Transparency, Consent, and Control (TCC) security framework, which governs user privacy by managing and regulating access to sensitive data and system resources. The framework requires explicit user consent before apps can access certain information or features. Users should verify the trustworthiness of the source before importing shortcuts shared in online communities.

Successful exploitation of the Zero-Click Shortcuts vulnerability could allow an attacker to access sensitive information on affected devices without the user's consent.

The vulnerability affects the following product versions:
• macOS Sonoma versions prior to 14.3
• iOS versions prior to 17.3
• iPadOS versions prior to 17.3

Users of the affected products are advised to update to the latest versions immediately.

Users are also advised to enable automatic software updates by going to Settings > General > Software Updates > Enable Automatic Updates.
