A critical vulnerability, identified as CVE-2024-23204, has been discovered in Apple Shortcuts. It affects both iOS and macOS users and allows attackers to access sensitive information without user consent. Cybersecurity firm Bitdefender explains that the flaw enables the Shortcuts background process to bypass Apple’s Transparency, Consent, and Control (TCC) framework, even when operating within a sandbox environment. By using certain actions within the Shortcuts app, attackers could transmit base64-encoded data, such as photos, to a remote server without user interaction. Apple addressed the vulnerability in iOS 17.3, iPadOS 17.3, and macOS Sonoma 14.3 by implementing additional permission checks. Users are strongly advised to update their devices promptly to mitigate the risk posed by this vulnerability.
Read more: https://www.securityweek.com/apple-shortcuts-vulnerability-exposes-sensitive-information/