Apple patches high-severity iOS vulnerability allowing Shortcuts app access to sensitive data
-
iOS 17.3 patched a vulnerability (CVE-2024-23204) in the Shortcuts app that could allow access to sensitive data without permission.
-
The flaw allows malicious Shortcuts scripts to bypass Apple's Transparency, Consent and Control (TCC) protections.
-
Users could unknowingly download a malicious Shortcut that exploits this vulnerability through a sharing platform.
-
The vulnerability has a CVSS severity score of 7.5 out of 10, making it a high-severity issue.
-
Users should update to iOS 17.3.1 immediately to patch this and other actively exploited flaws.