Apple users urged to update devices after app vulnerability found to give attackers access to data
Those toting Apple devices are advised to update them after a vulnerability was found in the tech giant’s Shortcuts app.
The Cyber Security Agency of Singapore (CSA) said in an alert on Feb 29 that the vulnerability could allow third parties to access sensitive information on Apple devices without users’ consent.
It affects devices that run macOS Sonoma versions earlier than 14.3, iOS versions before 17.3, and iPadOS versions before 17.3.
The Shortcuts app allows users to automate various actions, which can be triggered with a tap, or through certain events, such as the time of the day or the arrival at a specific location.
It comes pre-installed on iPhones, iPads, Mac devices and Apple Watches, with users able to share the shortcuts they make with others.
The cyber-security researcher who discovered the vulnerability said in a blog post on cyber-security firm Bitdefender’s website that the sharing mechanism “expands the potential reach of the vulnerability”, with malicious individuals able to create shortcuts that bypass Apple’s security framework.
In doing so, they could access a user’s photos, contacts, files and clipboard data within the Shortcuts app, which would then be forwarded to a server.
Advising users to update their devices to the latest versions immediately, CSA added that they should also enable automatic software updates.
This can be done by going to Settings > General > Software Updates > Enable Automatic Updates.
Get The New Paper on your phone with the free TNP app. Download from the Apple App Store or Google Play Store now