New iOS 17.3 Update Warning Issued To All iPhone Users


Apple’s iOS 17.3 launched a month ago and many security-conscious iPhone users have already upgraded to the latest software. But many more cautious iPhone users prefer to wait to update their device, in case any bugs are introduced.

In the case of iOS 17.3, waiting really isn’t a good idea, because some of the security flaws patched in the upgrade are being exploited in real-life attacks.

Now, with iOS 17.4 set to arrive in a matter of days, details have emerged about one of the issues fixed in iOS 17.3, tracked as CVE-2024-23204 and reported by Jubaer Alnazi, a researcher at security outfit Bitdefender.

“Apple’s Shortcuts application, designed to enhance user automation, can inadvertently become a potential vector for privacy breaches,” Alnazi wrote in a blog describing the nature of the vulnerability, its potential impact, and recommended mitigation measures.

What Is CVE-2024-23204 And How Bad Is It?

Fixed in iOS 17.3, CVE-2024-23204 is an issue in Apple’s Shortcuts that could allow an attacker to access sensitive data with certain actions without prompting the user.

The issue was addressed with additional permissions checks, according to Apple’s support page detailing the iOS 17.3 fixes. Reported to the iPhone maker by Alnazi (@h33tjubaer), the flaw has been given a CVSS score of 7.5. It came alongside another CVE, CVE-2024-23203.

The issue affects macOS and iOS devices running versions prior to macOS Sonoma 14.3 and versions prior to iOS 17.3 and iPadOS 17.3, respectively.

Shortcuts is a visual scripting application developed by Apple and provided on its iOS, iPadOS, macOS, and watchOS operating systems. It allows users to share shortcuts with others, but it’s this flexibility that makes the vulnerability risky.

This is because users can unknowingly import shortcuts that might exploit CVE-2024-23204. “With Shortcuts being a widely used feature for efficient task management, the vulnerability raises concerns about the inadvertent dissemination of malicious shortcuts through diverse sharing platforms,” Alnazi explained.

In the case of CVE-2024-23204, it was possible to craft a Shortcuts file that could bypass Transparency, Consent and Control (TCC), a security framework in Apple’s macOS and iOS that governs access to sensitive user data and system resources by applications. “TCC ensures that apps explicitly request permission from the user before accessing certain data or functionalities, enhancing user privacy and security,” Alnazi wrote.

In his blog and via a video, he demonstrated how an iPhone user could install a malicious shortcut.

What To Do

So what should you do to avoid this issue? The answer is pretty simple: if you haven’t already, update now to iOS 17.3, which will mean installing the latest software, iOS 17.3.1. Bitdefender mirrors this advice, saying iPhone users should update their macOS, iPadOS and watchOS devices to the latest versions now.

In addition, exercise caution when executing shortcuts from untrusted sources and regularly check for security updates and patches from Apple.
