Additional Permissions Checks Implemented to Protect Sensitive Data
Key Information
- Vendor: Apple
- Status
- iOS and iPadOS
- watchOS
- macOS
- CVE Published: 23 January 2024
Summary
CVE-2024-23204 affects Apple's Shortcuts application and allows potential attackers to access sensitive data without prompting the user. It has a CVSS score of 7.5 and impacts devices running versions prior to macOS Sonoma 14.3, iOS 17.3, and iPadOS 17.3. The vulnerability was exploited in the wild, and a patch has been released to fix the issue. The attack works by bypassing Transparency, Consent, and Control (TCC), a security framework in Apple's macOS and iOS. Users are advised to update their devices, exercise caution when using shortcuts from untrusted sources, and regularly check for security updates from Apple. The vulnerability raises the risk of inadvertent dissemination of malicious shortcuts and of potential privacy breaches.
Affected Version(s)
iOS and iPadOS < 17.3
watchOS < 10.3
macOS < 14.3
News Articles
iOS 17.3—iPhone Update Fixes Major Shortcuts Issue
If you haven't updated to iOS 17.3 yet, now's the time to do it, following a new iPhone security warning. Here's what you need to know.
9 months ago
CVE-2024-23204 Detection: Exploitation of a Recently Patched Vulnerability in Apple Shortcuts App Can Lead to User Data Theft - SOC Prime
Detect CVE-2024-23204 exploitation attempts, a newly patched zero-click Apple Shortcuts vulnerability, with a curated Sigma rule from SOC Prime.
9 months ago
CVSS V3.1
Timeline
- 🔥 Vulnerability reached the number 1 worldwide trending spot.
- Vulnerability started trending.
- 👾 Exploit exists.
- First article discovered by Dark Reading.
- Vulnerability published.
- Vulnerability reserved.