A process of the Shortcuts app, com.apple.WorkflowKit.BackgroundShortcutRunner, which executes shortcuts in the background on Apple devices, can still, despite being sandboxed by TCC, access some sensitive data. This allows for crafting a malicious shortcut, which can then be circulated through Shortcuts' sharing mechanism.
“This sharing mechanism extends the potential reach of the vulnerability, as customers unknowingly import shortcuts which may exploit CVE-2023-23204,” Jabin said in a blog post. “With Shortcuts being a widely used feature for efficient task management, the vulnerability raises concerns about the inadvertent dissemination of malicious shortcuts through various sharing platforms.”
The malicious shortcut uses an action function provided in the Shortcuts app, “Expand URL,” which allows for the expansion and cleaning up of any URL that has previously been shortened using shorteners such as t.co and bit.ly.
This function can be exploited to select any sensitive data within the device (Photos, Contacts, Files, and Clipboard Data), import it, and use base64 encoding to convert it for sending to an attacker-controlled server, according to Jabin.
Apple releases yet another patch
The bug, which affects macOS before Sonoma 14.3, iOS before 17.3, and iPadOS before 17.3, has consequently been patched with additional permission checks.
In addition to applying the patches on all Apple devices, Jabin has advised Apple customers to exercise caution when executing shortcuts from untrusted sources.
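One way to review an untrusted shortcut before running it is to check whether data from a sensitive source can flow, through encoding steps, into the "Expand URL" action. The following is an added example, not code from Jabin or Apple; the action names follow the article, and the dictionary layout ("id", "action", "inputs") is a constructed model rather than the real shortcut file format.

```python
# Added example: action names are taken from the article; the dict layout
# ("id", "action", "inputs") is a constructed model, not the real shortcut file format.
SENSITIVE_SOURCES = {"Select Photos", "Select Contact", "Select File", "Get Clipboard"}
ENCODERS = {"Base64 Encode"}
NETWORK_SINKS = {"Expand URL"}  # the action abused in the described attack


def audit_shortcut(actions):
    """Propagate labels through the action chain and report every sink
    that receives data derived from a sensitive source."""
    labels = {}    # value id -> labels carried by that value
    findings = []
    for index, step in enumerate(actions):
        carried = set()
        for ref in step.get("inputs", []):
            carried |= labels.get(ref, set())
        name = step["action"]
        if name in SENSITIVE_SOURCES:
            carried.add(("source", name))
        if name in ENCODERS and carried:
            carried.add(("encoded", name))
        sources = sorted(value for kind, value in carried if kind == "source")
        if name in NETWORK_SINKS and sources:
            findings.append({
                "step": index,
                "sink": name,
                "sources": sources,
                "encoded": any(kind == "encoded" for kind, _ in carried),
            })
        labels[step["id"]] = carried
    return findings


# Constructed samples: the chain the article describes, and a benign use of the same action.
SUSPICIOUS = [
    {"id": "clip", "action": "Get Clipboard"},
    {"id": "b64", "action": "Base64 Encode", "inputs": ["clip"]},
    {"id": "url", "action": "Text", "inputs": ["b64"]},  # URL text built around the encoded data
    {"id": "out", "action": "Expand URL", "inputs": ["url"]},
]
BENIGN = [
    {"id": "short", "action": "Text"},  # a pasted short link
    {"id": "out", "action": "Expand URL", "inputs": ["short"]},
]

if __name__ == "__main__":
    for label, shortcut in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, audit_shortcut(shortcut))
```

A finding with "encoded" set to true matches the pattern described above; an "Expand URL" step fed only by a pasted link produces no finding.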