CVE-2024-40844
📋 TL;DR
This CVE describes a privacy vulnerability in Apple's Shortcuts app where temporary file handling could allow an app to observe data displayed to the user. The issue affects iOS, iPadOS, and macOS users who have not updated to patched versions. An attacker could potentially access sensitive information displayed through Shortcuts.
💻 Affected Systems
- iOS
- iPadOS
- macOS
📦 What is this software?
Ipados by Apple
Macos by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Learn more about Macos →Macos by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Learn more about Macos →⚠️ Risk & Real-World Impact
Worst Case
An attacker could access sensitive user data displayed through Shortcuts, potentially including passwords, personal information, or confidential data.
Likely Case
Limited data exposure of information displayed through Shortcuts, potentially including app-specific data or user inputs.
If Mitigated
Minimal impact with proper patching and app sandboxing controls in place.
🎯 Exploit Status
Exploitation requires a malicious app to be installed on the target device and would need to bypass app sandboxing to some extent.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: iOS 17.7, iPadOS 17.7, macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15
Vendor Advisory: https://support.apple.com/en-us/121234
Restart Required: Yes
Instructions:
1. Go to Settings > General > Software Update on iOS/iPadOS or System Settings > General > Software Update on macOS. 2. Download and install the latest available update. 3. Restart the device when prompted.
🔧 Temporary Workarounds
Disable Shortcuts app
allRemove or disable the Shortcuts app to prevent exploitation
Restrict app installations
allOnly install apps from trusted sources and enable app installation restrictions
🧯 If You Can't Patch
- Disable or remove the Shortcuts app from affected devices
- Implement strict app installation policies and only allow apps from trusted sources
🔍 How to Verify
Check if Vulnerable:
Check iOS/iPadOS version in Settings > General > About > Version. Check macOS version in Apple menu > About This Mac.Check Version:
iOS/iPadOS: Settings > General > About > Version. macOS: sw_vers or Apple menu > About This MacVerify Fix Applied:
Verify the version matches or exceeds iOS 17.7, iPadOS 17.7, macOS Ventura 13.7, macOS Sonoma 14.7, or macOS Sequoia 15.📡 Detection & Monitoring
Log Indicators:
- Unusual Shortcuts app activity
- Multiple failed attempts to access temporary files
Network Indicators:
- No network indicators - this is a local vulnerability
SIEM Query:
No specific SIEM query - monitor for unusual app behavior and ensure devices are patched🔗 References
- https://support.apple.com/en-us/121234
- https://support.apple.com/en-us/121238
- https://support.apple.com/en-us/121246
- https://support.apple.com/en-us/121247
- http://seclists.org/fulldisclosure/2024/Sep/33
- http://seclists.org/fulldisclosure/2024/Sep/39
- http://seclists.org/fulldisclosure/2024/Sep/40
- http://seclists.org/fulldisclosure/2024/Sep/41
