Details have emerged about a now-patched high-severity security flaw in Apple's Shortcuts app that could permit a shortcut to access sensitive information on the device without users' consent.
有关苹果的Shortcuts应用程序中一个现已修复的高严重性安全漏洞的细节已经浮出水面,该漏洞可以允许快捷方式在未经用户许可的情况下访问设备上的敏感信息。
The vulnerability, tracked as CVE-2024-23204 (CVSS score: 7.5), was addressed by Apple on January 22, 2024, with the release of iOS 17.3, iPadOS 17.3, macOS Sonoma 14.3, and watchOS 10.3.
这个漏洞被跟踪为CVE-2024-23204(CVSS评分:7.5),苹果在2024年1月22日发布了iOS 17.3、iPadOS 17.3、macOS Sonoma 14.3和watchOS 10.3来解决这个问题。
"A shortcut may be able to use sensitive data with certain actions without prompting the user," the iPhone maker said in an advisory, stating it was fixed with "additional permissions checks."
iPhone制造商在一份公告中表示:“一个快捷方式可能能够在不提示用户的情况下使用某些操作中的敏感数据”,并表示已通过“额外的权限检查”解决了这个问题。
Apple Shortcuts is a scripting application that allows users to create personalized workflows (aka macros) for executing specific tasks on their devices. It comes installed by default on iOS, iPadOS, macOS, and watchOS operating systems.
Apple Shortcuts是一个脚本应用程序,允许用户为其设备上的特定任务创建个性化工作流程(也称为宏)。它默认安装在iOS、iPadOS、macOS和watchOS操作系统上。
Bitdefender security researcher Jubaer Alnazi Jabin, who discovered and reporting the Shortcuts bug, said it could be weaponized to create a malicious shortcut such that it can bypass Transparency, Consent, and Control (TCC) policies.
发现并报告了Shortcuts漏洞的Bitdefender安全研究员Jubaer Alnazi Jabin表示,这个漏洞可以被利用来创建一个恶意快捷方式,从而可以绕过透明度、同意和控制(TCC)政策。
TCC is an Apple security framework that's designed to protect user data from unauthorized access without requesting appropriate permissions in the first place.
TCC是苹果的一个安全框架,旨在保护用户数据免受未经授权的访问,而不需要首先请求适当的权限。
Specifically, the flaw is rooted in a shortcut action called "Expand URL," which is capable of expanding and cleaning up URLs that have been shortened using a URL shortening service like t.co or bit.ly, while also removing UTM tracking parameters.
具体来说,这个漏洞根植于一个名为“Expand URL”的快捷方式操作,它能够扩展和清理使用URL缩短服务(如t.co或bit.ly)缩短的URL,同时移除UTM跟踪参数。
"By leveraging this functionality, it became possible to transmit the Base64-encoded data of a photo to a malicious website," Alnazi Jabin explained.
Alnazi Jabin解释说:“通过利用这个功能,可以将照片的Base64编码数据传输到恶意网站。”
"The method involves selecting any sensitive data (Photos, Contacts, Files, and clipboard data) within Shortcuts, importing it, converting it using the base64 encode option, and ultimately forwarding it to the malicious server."
“这种方法涉及在Shortcuts中选择任何敏感数据(照片、联系人、文件和剪贴板数据),导入它,使用base64编码选项转换它,最终将它转发到恶意服务器。”
The exfiltrated data is then captured and saved as an image on the attacker's end using a Flask application, paving the way for follow-on exploitation.
然后,被窃取的数据将被捕获并保存为图像,为后续利用铺平道路。
"Shortcuts can be exported and shared among users, a common practice in the Shortcuts community," the researcher said. "This sharing mechanism extends the potential reach of the vulnerability, as users unknowingly import shortcuts that might exploit CVE-2024-23204."
研究人员表示:“快捷方式可以导出并共享给用户,这在快捷方式社区中是一种常见做法。”“这种共享机制扩展了漏洞的潜在影响范围,因为用户在不知情的情况下导入可能利用CVE-2024-23204的快捷方式。”
原文始发于微信公众号(知机安全):研究人员详细介绍了苹果最近的零点击快捷方式漏洞
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论