- Description: This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A shortcut may be able to bypass sensitive Shortcuts app settings.
- Source: product-security@apple.com
- NVD status: Modified
CVSS 3.1
- Type: Primary
- Base score: 4.4
- Impact score: 2.5
- Exploitability score: 1.8
- Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
- Severity: MEDIUM
- nvd@nist.gov: NVD-CWE-noinfo
- 134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-862
- Hype score
- Not currently trending
Top 5 Trending CVEs: 1 - CVE-2024-35286 2 - CVE-2024-3400 3 - CVE-2024-40834 4 - CVE-2024-43451 5 - CVE-2024-8636 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
7 Dec 2024
Marcio Almeida (@marcioalm) from @TantoSecurity to talk at #OBTS about a vulnerability he discovered in Shortcuts - CVE-2024-40834 - that can bypass OSX security controls. Seems Shortcuts has a massive attack surface - the main defense ‘relies’ on a user to NOT click accept! htt
@forensicdave
7 Dec 2024
🚨 Kicking off after the final break at #OBTS v7: “Unveiling the Apple CVE-2024-40834 - A ‘shortcut’ to the Bypass Road” by Marcio Almeida (@marcioalm). Imagine Apple’s own Shortcuts app becoming a secret passageway for arbitrary command execution and file leaks across all Apple
@Mu55sy
7 Dec 2024
Unveiling the Apple's CVE-2024-40834 - A "shortcut" to the bypass road, Marcio Almeida - #BSidesCbr2024 https://t.co/ZL3H9wt0vj
@BSidesCbr
7 Nov 2024
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6807198C-7123-496A-9CA2-110B00835B30",
            "versionEndIncluding": "12.7.6"
          },
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC3E7323-2263-4AC6-984C-FFB561AC8538",
            "versionEndIncluding": "13.6.8",
            "versionStartIncluding": "13.0"
          },
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABFFD29A-309D-4C1D-BC33-2EC407363FAE",
            "versionEndIncluding": "14.6",
            "versionStartIncluding": "14.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]