A vulnerability in Apple Shortcuts, which allowed the transmission of sensitive data to attackers, was patched in iOS 17.3. The exploit was spotted by Bitdefender, which outlined the issue today. It got a Common Vulnerability Score (CVSS score) of 7.5 out of 10, meaning it was a high-severity vulnerability. Bitdefender disclosed the issue to Apple, which issued a patch in iOS 17.3 last month.Shortcuts is an automation tool that works on macOS and iOS devices. It lets people create workflows that streamline tasks, from creating GIFs and combining iPhone photos to automating favorite Tesla features.However, Shortcuts are bound by some rules set by Apple. For example, they're all supposed to adhere to Apple's Transparency, Consent, and Control (TCC), a security framework that "governs access to sensitive user data and system resources by applications," Bitdefender says. Thus, while Shortcuts can do plenty of things, there are checks to keep your privacy intact. The malicious Shortcuts used the "Expand URL" function to bypass Apple's TCC, making it possible for third parties to transmit data to malicious websites. These corrupted Shortcuts could steal photos, contacts, clipboard data, and other files. It would then encode the data in base64 and upload it to a website where it could be copied and stolen. (The above YouTube video shows how the exploit looks to the end user and the attacker.)As AppleInsider reports, the malicious Shortcuts could be shared between users through a link, potentially leading to a widespread infection. Shortcuts can contain hundreds of actions, which would make a malicious Shortcut difficult to identify for the majority of users. Fortunately, the issue is pretty easy to avoid. Apple patched the exploit in the latest versions of iOS 17.3 and macOS Sonoma 14.3. So be sure to update all your devices.
Wir nutzen Cookies auf unserer Website. Einige von ihnen sind essenziell für den Betrieb der Seite, während andere uns helfen, diese Website und die Nutzererfahrung zu verbessern (Tracking Cookies). Sie können selbst entscheiden, ob Sie die Cookies zulassen möchten. Bitte beachten Sie, dass bei einer Ablehnung womöglich nicht mehr alle Funktionalitäten der Seite zur Verfügung stehen.
A vulnerability in Apple Shortcuts, which allowed the transmission of sensitive data to attackers, was patched in iOS 17.3. The exploit was spotted by Bitdefender, which outlined the issue today. It got a Common Vulnerability Score (CVSS score) of 7.5 out of 10, meaning it was a high-severity vulnerability. Bitdefender disclosed the issue to Apple, which issued a patch in iOS 17.3 last month.Shortcuts is an automation tool that works on macOS and iOS devices. It lets people create workflows that streamline tasks, from creating GIFs and combining iPhone photos to automating favorite Tesla features.However, Shortcuts are bound by some rules set by Apple. For example, they're all supposed to adhere to Apple's Transparency, Consent, and Control (TCC), a security framework that "governs access to sensitive user data and system resources by applications," Bitdefender says. Thus, while Shortcuts can do plenty of things, there are checks to keep your privacy intact. The malicious Shortcuts used the "Expand URL" function to bypass Apple's TCC, making it possible for third parties to transmit data to malicious websites. These corrupted Shortcuts could steal photos, contacts, clipboard data, and other files. It would then encode the data in base64 and upload it to a website where it could be copied and stolen. (The above YouTube video shows how the exploit looks to the end user and the attacker.)As AppleInsider reports, the malicious Shortcuts could be shared between users through a link, potentially leading to a widespread infection. Shortcuts can contain hundreds of actions, which would make a malicious Shortcut difficult to identify for the majority of users. Fortunately, the issue is pretty easy to avoid. Apple patched the exploit in the latest versions of iOS 17.3 and macOS Sonoma 14.3. So be sure to update all your devices.