CVE-2025-30465
📋 TL;DR
This CVE describes a permissions bypass vulnerability in Apple's Shortcuts app across multiple macOS and iPadOS versions. It allows malicious shortcuts to access files that should be restricted from the Shortcuts app, potentially exposing sensitive data. Users running affected Apple operating systems are vulnerable.
💻 Affected Systems
- macOS
- iPadOS
- Shortcuts app
📦 What is this software?
iPadOS by Apple
macOS by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
⚠️ Risk & Real-World Impact
Worst Case
An attacker could create a malicious shortcut that exfiltrates sensitive files (passwords, documents, credentials) from the user's system without their knowledge.
Likely Case
Malicious shortcuts distributed through social engineering could access and steal user documents, photos, or other personal files.
If Mitigated
With proper security controls, the impact is limited to files accessible by the user account, but sensitive data could still be compromised.
🎯 Exploit Status
Exploitation requires user interaction to run a malicious shortcut. The vulnerability is in the permissions validation mechanism.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5
Vendor Advisory: https://support.apple.com/en-us/122372
Restart Required: Yes
Instructions:
1. Open System Settings > General > Software Update.
2. Install the available update for your macOS/iPadOS version.
3. Restart your device when prompted.
🔧 Temporary Workarounds
Disable Shortcuts app
All platforms: Temporarily disable or restrict the Shortcuts app to prevent exploitation
Restrict shortcut installation
All platforms: Only allow shortcuts from trusted sources and disable automatic shortcut execution
🧯 If You Can't Patch
- Disable or restrict the Shortcuts app through MDM or parental controls
- Educate users to avoid running untrusted shortcuts and verify all shortcut sources
🔍 How to Verify
Check if Vulnerable:
Check your macOS/iPadOS version in System Settings > General > About. If the version is below the patched version listed for your release, you are vulnerable.
Check Version:
sw_vers (macOS) or Settings > General > About (iPadOS)
Verify Fix Applied:
Verify your macOS/iPadOS version matches or exceeds the patched versions: macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sequoia 15.4, or macOS Sonoma 14.7.5.
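The macOS version check above, scripted as an added example (not Apple's code and not part of the original page): it maps each macOS major release to the patched version listed here and compares the components numerically. The function names are hypothetical, and releases other than 13, 14 and 15 are reported as "unlisted" because this page gives no fixed version for them; iPadOS is not covered since its version is read from Settings.

```sh
#!/bin/sh
# Added example: compare a macOS version with the patched versions this page
# lists for CVE-2025-30465 (13.7.5, 14.7.5, 15.4). Function names are hypothetical.

# version_ge A B: succeeds when dotted version A >= B.
# Components are compared as numbers; missing components count as 0.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# cve_2025_30465_status VERSION: prints patched, vulnerable, unlisted or invalid.
cve_2025_30465_status() {
    ver=$1
    # Reject anything that is not digits and dots.
    case $ver in
        ''|*[!0-9.]*) echo "invalid"; return 0 ;;
    esac
    # Pick the fixed version for this major release (values from this page).
    case ${ver%%.*} in
        13) fixed=13.7.5 ;;   # macOS Ventura
        14) fixed=14.7.5 ;;   # macOS Sonoma
        15) fixed=15.4 ;;     # macOS Sequoia
        *)  echo "unlisted"; return 0 ;;   # no fixed version given on this page
    esac
    if version_ge "$ver" "$fixed"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# On a Mac, report the status of the running system.
if command -v sw_vers >/dev/null 2>&1; then
    cve_2025_30465_status "$(sw_vers -productVersion)"
fi
```

The same function can be fed version strings exported from an MDM inventory to flag unpatched Macs in bulk.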
📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns by the Shortcuts app
- Shortcuts accessing files outside their normal sandbox
Network Indicators:
- Unexpected outbound connections from devices running shortcuts
SIEM Query:
process:shortcuts AND file_access:unusual_paths
🔗 References
- https://support.apple.com/en-us/122372
- https://support.apple.com/en-us/122373
- https://support.apple.com/en-us/122374
- https://support.apple.com/en-us/122375
- http://seclists.org/fulldisclosure/2025/Apr/10
- http://seclists.org/fulldisclosure/2025/Apr/5
- http://seclists.org/fulldisclosure/2025/Apr/8
- http://seclists.org/fulldisclosure/2025/Apr/9