![]() ![]() In addition, exercise caution when executing shortcuts from untrusted sources and regularly check for security updates and patches from Apple. Bitdefender mirrors this advice, saying iPhone users should update their macOS, ipadOS and watchOS devices to the latest versions now. So what should you do to avoid this issue? The answer is pretty simple-if you haven’t already, update now to iOS 17.3, which’ll mean installing the latest software, iOS 17.3.1. It’s great to see this fixed, and it’s certainly an interesting vulnerability, but I think the likelihood of an attack being successful would be rather limited.” What To Do While not impossible, it’s just another barrier that an attacker would have to overcome. ““To successfully attack a user, you need them to explicitly install the malicious Shortcut. So should you be worried? If you use Shortcuts, obviously yes, but otherwise, it’s more important to cover yourself for the already-exploited iPhone flaws fixed in iOS 17.3.Įven if you do use Shortcuts, Sean Wright, head of application security at Featurespace says the issue is relatively difficult to exploit. In his blog and via a video, he demonstrated how an iPhone user could install a malicious shortcut. “TCC ensures that apps explicitly request permission from the user before accessing certain data or functionalities, enhancing user privacy and security,” Alnazi wrote. ![]() And for CVE-2024-23204 it was possible to craft a Shortcuts file that would be able to bypass Transparency, Consent and Control (TCC), a security framework in Apple's macOS and iOS that governs access to sensitive user data and system resources by applications. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |