CVE-2024-23203

7.5 HIGH

📋 TL;DR

This vulnerability allows malicious shortcuts in macOS, iOS, and iPadOS to access sensitive user data without proper permission prompts. It affects users who install or run untrusted shortcuts on their Apple devices. The issue bypasses normal security checks that should require user consent for data access.

💻 Affected Systems

Products:
  • macOS
  • iOS
  • iPadOS
Versions: Before macOS Sonoma 14.3, iOS 17.3, and iPadOS 17.3
Operating Systems: macOS, iOS, iPadOS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Shortcuts app functionality and user interaction to install/run malicious shortcuts.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could create a shortcut that silently accesses sensitive data like contacts, photos, location, or credentials, potentially leading to data theft, privacy violations, or further attacks.

🟠 Likely Case

Malicious shortcuts distributed through social engineering or compromised apps could access limited sensitive data without user awareness, though full system compromise is unlikely.

🟢 If Mitigated

With proper controls, only trusted shortcuts would run, limiting exposure to data that shortcuts normally have permission to access.

🌐 Internet-Facing: LOW - This requires local shortcut execution, not direct internet exploitation.
🏢 Internal Only: MEDIUM - Requires user interaction to install/run malicious shortcuts, but could be distributed internally via phishing or shared files.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires social engineering to get users to install malicious shortcuts. No public exploit code identified in references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Sonoma 14.3, iOS 17.3, iPadOS 17.3

Vendor Advisory: https://support.apple.com/en-us/HT214059

Restart Required: Yes

Instructions:

1. Open Settings/System Preferences.
2. Go to General > Software Update.
3. Install macOS Sonoma 14.3, iOS 17.3, or iPadOS 17.3.
4. Restart device after installation.

🔧 Temporary Workarounds

Disable Untrusted Shortcuts

all

Prevent installation of shortcuts from untrusted sources

Settings > Shortcuts > Allow Untrusted Shortcuts > OFF

Review Shortcut Permissions

all

Manually review and restrict permissions for existing shortcuts

Shortcuts app > Select shortcut > Info > Review permissions

🧯 If You Can't Patch

  • Only install shortcuts from trusted sources and developers
  • Regularly review and audit installed shortcuts for suspicious behavior

🔍 How to Verify

Check if Vulnerable:

Check if device is running macOS <14.3, iOS <17.3, or iPadOS <17.3

Check Version:

  • macOS: sw_vers -productVersion
  • iOS/iPadOS: Settings > General > About > Version

Verify Fix Applied:

Confirm device is updated to macOS 14.3, iOS 17.3, or iPadOS 17.3 or later
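
The version check above applied to a device inventory, as an added example (not from Apple or the original page): it compares versions field by field so that 14.10 is not misread as older than 14.3. The function names, the `host,platform,version` inventory format and the sample hosts are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Fixed releases are the ones listed in the advisory above.

# fixed_version PLATFORM -> first patched release for that platform
fixed_version() {
    case "$1" in
        macos)      echo 14.3 ;;
        ios|ipados) echo 17.3 ;;
        *)          return 2 ;;
    esac
}

# version_lt A B -> succeeds when dotted version A is numerically below B.
# Fields are compared as integers, so 14.10 > 14.3 and 14.2.1 < 14.3.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# check_host PLATFORM VERSION -> prints VULNERABLE, PATCHED or UNKNOWN
check_host() {
    fixed=$(fixed_version "$1") || { echo UNKNOWN; return 0; }
    case "$2" in
        ''|*[!0-9.]*|.*|*..*) echo UNKNOWN; return 0 ;;
    esac
    if version_lt "$2" "$fixed"; then echo VULNERABLE; else echo PATCHED; fi
}

# audit_inventory: reads "host,platform,version" lines (assumed format) on stdin
audit_inventory() {
    while IFS=, read -r host platform version; do
        [ -n "$host" ] || continue
        echo "$host $platform $version $(check_host "$platform" "$version")"
    done
}

# Constructed sample inventory, not real hosts.
printf '%s\n' 'mac-01,macos,14.2.1' 'mac-02,macos,14.10' \
    'ipad-07,ipados,17.3' 'phone-3,ios,17.2.1' | audit_inventory

# On a Mac, also check the local machine.
if command -v sw_vers >/dev/null 2>&1; then
    check_host macos "$(sw_vers -productVersion)"
fi
```

Unrecognized platforms and malformed version strings are reported as UNKNOWN rather than PATCHED, so they surface for manual review.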

📡 Detection & Monitoring

Log Indicators:

  • Shortcuts app accessing sensitive data without user prompts
  • Unusual shortcut execution patterns

Network Indicators:

  • Shortcuts making unexpected network connections to exfiltrate data

SIEM Query:

process:shortcuts AND (event:data_access OR event:permission_bypass)
