Techly NewsGet the app

Get the latest tech news

Zero-Click Apple Shortcuts Vulnerability Allows Silent Data Theft.


Vulnerability CVE-2024-23204, affecting Apple's popular Shortcuts app, suggests a critical need for ongoing security awareness in the macOS and iOS ecosystem.

According to an analysis from Bitdefender out today, the vulnerability (CVE-2024-23204) makes it possible to craft a malicious Shortcuts file that would be able to bypass Apple's Transparency, Consent, and Control (TCC) security framework, which is supposed to ensure that apps explicitly request permission from the user before accessing certain data or functionalities. And Kaspersky researchers recently discovered macOS malware targeting Bitcoin and Exodus cryptowallets, with the malicious software substituting genuine apps with compromised versions. For instance, earlier this year Apple fixed a zero-day vulnerability (CVE-2024-23222) in its Safari browser's WebKit engine, caused by a type confusion error, where input validation assumptions can lead to exploitation.

Get the Android app

Or read this on r/technology

Read more on:

Photo of silent data theft

silent data theft

« Honor Magic 6 Pro initial review: There's magic in the AIr
HomePod With 'iPad-Like Display' Rumored to Launch in 2025 at Earliest »