Details on Apple’s Shortcuts Vulnerability: A Deep Dive into CVE-2024-23204

CVE-2024-23204 is a high-severity vulnerability (CVSS score of 7.5) in Apple’s Shortcuts app, which could allow attackers to bypass the Transparency, Consent, and Control (TCC) framework on macOS and iOS devices. This framework is designed to protect user privacy by requiring explicit permission before accessing sensitive data. The vulnerability was exploited by using the ‘Expand URL’ function within Shortcuts to send base64-encoded data to a malicious server without user consent. Apple has addressed the issue with additional permission checks, and users are advised to update their devices to the latest versions and exercise caution when executing shortcuts from untrusted sources. Regular security updates from Apple should also be checked and applied.