A means of the Shortcuts app, com.apple.WorkflowKit.BackgroundShortcutRunner, which executes shortcuts within the background on Apple gadgets can nonetheless, regardless of being sandboxed by TCC, entry some delicate information. This permits for crafting a malicious shortcut, which might then be circulated by way of Shortcut’s sharing mechanism.
“This sharing mechanism extends the potential attain of the vulnerability, as customers unknowingly import shortcuts which may exploit CVE-2023-23204,” Jabin stated in a weblog submit. “With Shortcuts being a extensively used function for environment friendly activity administration, the vulnerability raises issues in regards to the inadvertent dissemination of malicious shortcuts by way of various sharing platforms.”
The malicious shortcut makes use of an motion perform provisioned within the Shortcuts app, “Increase URL,” which permits for the enlargement and cleansing up of any URL that has been beforehand shortened utilizing shorteners akin to t.co and bit.ly.
This perform might be exploited to pick any delicate information inside the system (Pictures, Contacts, Information, and Clipboard Data), import it, and use base64 encoding to transform it for sending it to an attacker-controlled server, in keeping with JABIN.
Apple releases yet one more patch
The bug, which impacts macOS earlier than Sonoma 14.3, iOS earlier than 17.3, and iPadOS earlier than 17.3, has been consequently patched with further permission checks.
Along with making use of the patches on all Apple gadgets, Jabin has suggested Apple clients to train warning when executing shortcuts from untrusted sources.
