The latest iOS 17.3 update contains a fix for a vulnerability in the Shortcuts app.
Versions macOS Sonoma 14.3, iPadOS 17.3, and iOS 17.3 contained code that patched the Shortcuts vulnerability. The issue was rated a 7.5 of 10 in the CVSS score, thereby classifying it as a ‘very high severe vulnerability.’ Shortcuts are integrated into macOS, iPadOS, and iOS for building automations and can be shared between users through a link. This can lead to a widespread occurrence of a malicious Shortcut making its way through the public.
Bitdefender performed a research of unsuspecting users that could accept a Shortcut. This Shortcut can bypass the Transparency, Consent, and Control system and allow the attacker to collect data. A device usually prompts the TCC when a Shortcut or app attempts to gain access to system resources or sensitive information, but the vulnerability bypasses the check.
