CVE-2023-27963
📋 TL;DR
This vulnerability allows malicious shortcuts in Apple's Shortcuts app to access sensitive user data without proper permission prompts. It affects users of macOS, iOS, iPadOS, tvOS, and watchOS who have not updated to the patched versions.
💻 Affected Systems
- macOS
- iOS
- iPadOS
- tvOS
- watchOS
📦 What is this software?
Ipados by Apple
Ipados by Apple
Macos by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Learn more about Macos →Macos by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Learn more about Macos →Watchos by Apple
⚠️ Risk & Real-World Impact
Worst Case
An attacker could create a shortcut that silently accesses and exfiltrates sensitive data like contacts, photos, location, or authentication tokens without user consent.
Likely Case
Malicious shortcuts distributed through social engineering could access limited sensitive data from users who install them, potentially leading to privacy violations.
If Mitigated
With proper patching, all shortcut actions require appropriate user permissions before accessing sensitive data.
🎯 Exploit Status
Exploitation requires social engineering to get users to install malicious shortcuts. No public exploit code has been disclosed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: macOS Ventura 13.3, iOS 16.4, iPadOS 16.4, iOS 15.7.4, iPadOS 15.7.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4
Vendor Advisory: https://support.apple.com/en-us/HT213670
Restart Required: Yes
Instructions:
1. Open Settings/System Preferences. 2. Navigate to General > Software Update. 3. Download and install the latest update. 4. Restart the device when prompted.
🔧 Temporary Workarounds
Disable Shortcuts Sharing
allPrevent installation of shortcuts from untrusted sources
Settings > Shortcuts > Allow Untrusted Shortcuts (toggle OFF)
Review Installed Shortcuts
allAudit and remove suspicious shortcuts
Open Shortcuts app > My Shortcuts > Review each shortcut's actions
🧯 If You Can't Patch
- Educate users about the risks of installing shortcuts from untrusted sources
- Implement mobile device management (MDM) policies to restrict shortcut installation
🔍 How to Verify
Check if Vulnerable:
Check if device is running a version earlier than the patched versions listed in fix_official.patch_versionCheck Version:
Settings > General > About > Version (iOS/iPadOS) or Apple menu > About This Mac > macOS versionVerify Fix Applied:
Verify device is running patched version and test that shortcuts now prompt for permissions when accessing sensitive data📡 Detection & Monitoring
Log Indicators:
- MDM logs showing shortcut installations
- Console logs showing shortcut execution without permission prompts
Network Indicators:
- Unusual outbound connections from devices after shortcut execution
SIEM Query:
source="apple_mdm" AND event="shortcut_install" AND user NOT IN [trusted_users]🔗 References
- https://support.apple.com/en-us/HT213670
- https://support.apple.com/en-us/HT213673
- https://support.apple.com/en-us/HT213674
- https://support.apple.com/en-us/HT213676
- https://support.apple.com/en-us/HT213677
- https://support.apple.com/en-us/HT213678
- https://support.apple.com/en-us/HT213670
- https://support.apple.com/en-us/HT213673
- https://support.apple.com/en-us/HT213674
- https://support.apple.com/en-us/HT213676
- https://support.apple.com/en-us/HT213677
- https://support.apple.com/en-us/HT213678
