{"id":77911,"date":"2025-06-24T10:58:41","date_gmt":"2025-06-24T07:58:41","guid":{"rendered":"https:\/\/gulftech-news.com\/en\/?p=77911"},"modified":"2025-06-24T10:58:43","modified_gmt":"2025-06-24T07:58:43","slug":"apple-thanks-positive-technologies-for-discovering-a-vulnerability-in-its-shortcuts-app","status":"publish","type":"post","link":"https:\/\/gulftech-news.com\/en\/2025\/06\/24\/apple-thanks-positive-technologies-for-discovering-a-vulnerability-in-its-shortcuts-app\/","title":{"rendered":"Apple thanks Positive Technologies for\u00a0discovering a\u00a0vulnerability in its Shortcuts\u00a0app"},"content":{"rendered":"\n

PT\u00a0SWARM<\/strong><\/a> expert Egor Filatov found a critical vulnerability in Shortcuts, a built-in macOS app that streamlines device management by automating repetitive user actions. If successfully exploited, the security flaw could allow an attacker to gain full control over the device, including the ability to read, edit, and delete any data.<\/strong><\/p>\n\n\n\n

If the compromised device happens to be a laptop connected to a corporate network, the attacker could also infiltrate the internal company infrastructure.<\/strong><\/p>\n\n\n\n

The vulnerability, tracked as BDU:2025-02497<\/a> and rated 8.6 out of 10 on the CVSS\u00a03.0 scale, affects Shortcuts\u00a07.0 (2607.1.3). The vendor was notified of the threat in line with the responsible disclosure policy and has already released a software\u00a0patch<\/a>. <\/p>\n\n\n\n

Users are advised to upgrade to macOS Sequoia\u00a015.5 or later. If updating the OS is currently not possible, Positive Technologies recommends users to pay close attention to the downloaded shortcuts before running them or avoid using them altogether.<\/p>\n\n\n\n

The Shortcuts app was introduced with macOS\u00a0Monterey<\/a> back in 2021 and has been supported in macOS Ventura, Sonoma, and Sequoia versions over the past four years. With the app, users can create shortcuts to automate various tasks, such as starting a timer, playing music, or converting text to audio. <\/p>\n\n\n\n

Users also have access to macros[1]<\/a> that provide ready-made shortcuts. A threat actor could leverage this functionality by uploading infected templates to the library. For the security flaw to be exploited, it would be enough for the victim to inadvertently run a malicious macro on their device.<\/p>\n\n\n\n

“An attacker could exploit this vulnerability to target any Shortcuts user,”<\/em> said Egor Filatov, Junior Mobile Application Security Researcher at Positive Technologies. <\/strong>“Before remediation, the vulnerability allowed an attacker to bypass macOS security mechanisms and execute arbitrary code on the victim’s system.”<\/em><\/p>\n\n\n\n

According to the expert, the potential consequences of successful attacks include the following:<\/p>\n\n\n\n