A permissions issue was addressed with improved validation. This issue is fixed in iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sequoia 15.7.2, macOS Sonoma 14.7.5, macOS Sonoma 14.8.2, macOS Tahoe 26.1, macOS Ventura 13.7.5. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app.
The problem stems from improper permission validation (CWE-276 — Incorrect Default Permissions). The Shortcuts application operates in an environment with restricted file system access; however, an error in the permission verification mechanism allows a specially crafted shortcut to bypass these restrictions. As a result, the shortcut can read or modify files that it should not have access to. Apple resolved the issue by implementing improved permission validation.
An attacker or malicious shortcut can gain unauthorized access to protected user or system files, which may lead to theft of sensitive data, its modification, or deletion.
Update the system to one of the patched versions: iPadOS 17.7.6, macOS Sequoia 15.4 or 15.7.2, macOS Sonoma 14.7.5 or 14.8.2, macOS Ventura 13.7.5, macOS Tahoe 26.1. Detailed information is available in the manufacturer's references at support.apple.com.
iPadOS versions before 17.7.6; macOS Sequoia versions before 15.4 and before 15.7.2; macOS Sonoma versions before 14.7.5 and before 14.8.2; macOS Ventura versions before 13.7.5; macOS Tahoe versions before 26.1.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HApple iPadOS
OSApple< 17.7.6Apple macOS
OSApple< 13.7.514.0 – 14.7.5 (bez)15.0 – 15.4 (bez)
Related vulnerabilities
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
Apple iOS/iPadOS/macOS — out-of-bounds write przy przetwarzaniu obrazu
Apple: Obejście Pointer Authentication w iOS, macOS i innych platformach
Apple — memory corruption (RCE) w przetwarzaniu strumieni audio
Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki