"Zero-Click Apple Shortcuts Vulnerability Allows Silent Data Theft"
A vulnerability in Apple's popular Shortcuts app enables attackers to access sensitive data across the device without the user's permission. The Shortcuts app, designed for macOS and iOS, aims to automate tasks. According to Bitdefender's analysis, the vulnerability tracked as CVE-2024-23204, allows the creation of a malicious Shortcuts file that can bypass Apple's Transparency, Consent, and Control (TCC) security framework, which is implemented to ensure apps explicitly request permission from the user before accessing specific data or functionalities. This article continues to discuss the potential exploitation and impact of the zero-click Apple Shortcuts vulnerability.
Dark Reading reports "Zero-Click Apple Shortcuts Vulnerability Allows Silent Data Theft"
Submitted by grigby1