Zero-Click in the Apple world: "quick commands" lead to "quick hacking"

How did a useful feature turn into a powerful data theft tool?

A new threat has been discovered that affects users of Apple products. This time, the vulnerability concerns the Shortcuts application — a tool for creating custom automated tasks that is built into the iOS, iPadOS, macOS, and watchOS operating systems.

The issue, tracked as CVE-2024-23204 with a severity rating of 7.5 on the CVSS scale, allows a shortcut to access confidential information on the target device without the user's consent.

The vulnerability was discovered by Jubaer Alnazi Jabin, a security specialist at Bitdefender. He found that attackers can create a malicious macro in the Shortcuts app that bypasses the TCC policy, Apple's security framework designed to protect user data from unauthorized access.

The problem lies in the "Expand URL" action in the Shortcuts app. It is designed to expand shortened URLs, such as "t.co" or "bit.ly" links, and to strip UTM tracking parameters. Using this functionality, attackers are able to transfer any user files, encoded in Base64, to a malicious site under their control.


Alnazi Jabin explained, "The method involves selecting any sensitive data (photos, contacts, files, and clipboard data) in the Shortcuts app, importing it, converting it using the base64 encoding option, and eventually forwarding it to a malicious server."

Exploiting the vulnerability poses a serious threat, as the Shortcuts application allows users to export and share created macros, which significantly expands the potential of attacks.
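A triage check for shortcuts received from others, as an added example that is not part of the original post: it parses an exported (unsigned) shortcut plist and flags the sensitive-source, then Base64 Encode, then Expand URL chain described above. The action identifiers and the WFWorkflowActions layout are assumptions; a signed .shortcut export would need unwrapping first.

```python
"""Triage an exported (unsigned) Shortcuts plist for the pattern described above:
read sensitive data -> Base64 Encode -> Expand URL (CVE-2024-23204)."""
import plistlib

# Action identifiers from the WFWorkflowActions list. Assumed from the app's
# naming convention; confirm against a real export before relying on them.
SENSITIVE_SOURCES = {
    "is.workflow.actions.getclipboard": "clipboard",
    "is.workflow.actions.documentpicker.open": "file",
    "is.workflow.actions.selectphoto": "photos",
    "is.workflow.actions.selectcontacts": "contacts",
}
BASE64_ENCODE = "is.workflow.actions.base64encode"
EXPAND_URL = "is.workflow.actions.url.expand"


def find_exfil_chain(plist_bytes):
    """Return a finding dict when the actions contain a sensitive source,
    followed later by Base64 Encode, followed later by Expand URL; else None."""
    workflow = plistlib.loads(plist_bytes)
    ids = [a.get("WFWorkflowActionIdentifier", "")
           for a in workflow.get("WFWorkflowActions", [])]
    try:
        # Order matters: data must be read before it is encoded and sent out.
        src = next(i for i, x in enumerate(ids) if x in SENSITIVE_SOURCES)
        enc = ids.index(BASE64_ENCODE, src)
        exp = ids.index(EXPAND_URL, enc)
    except (StopIteration, ValueError):
        return None
    sources = [SENSITIVE_SOURCES[x] for x in ids[:enc] if x in SENSITIVE_SOURCES]
    return {"sources": sources, "base64_at": enc, "expand_url_at": exp}


def _shortcut(*identifiers):
    """Constructed sample: a minimal unsigned shortcut plist with the given actions."""
    actions = [{"WFWorkflowActionIdentifier": i, "WFWorkflowActionParameters": {}}
               for i in identifiers]
    return plistlib.dumps({"WFWorkflowActions": actions}, fmt=plistlib.FMT_BINARY)


# Constructed samples: the described exfiltration chain, and a benign link cleaner.
SUSPICIOUS = _shortcut("is.workflow.actions.selectphoto", BASE64_ENCODE, EXPAND_URL)
BENIGN = _shortcut("is.workflow.actions.getclipboard", EXPAND_URL)

if __name__ == "__main__":
    for name, blob in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, find_exfil_chain(blob))
```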

Apple quickly responded by releasing updates for its operating systems on January 22, 2024. iOS 17.3, iPadOS 17.3, macOS Sonoma 14.3, and watchOS 10.3 are protected from this threat. Details were disclosed only a month later, so that as many users as possible could upgrade to a patched version of the OS.

If you still haven't updated your device for some reason, you should do so immediately to avoid potential exploitation of CVE-2024-23204.