CVE-2023-32391: 
macOS vulnerability analysis and mitigation

CVE-2023-32391 is a security vulnerability affecting Apple's Shortcuts functionality across multiple operating systems including iOS 15.7.6 and iPadOS 15.7.6, watchOS 9.5, iOS 16.5 and iPadOS 16.5, and macOS Ventura 13.4. The vulnerability was discovered by Wenchao Li and Xiaolong Bai of Alibaba Group and was publicly disclosed on May 18, 2023 (Apple iOS, Apple macOS).

The vulnerability allows a shortcut to use sensitive data with certain actions without prompting the user for permission. The issue was addressed by Apple with improved checks in their security updates. The vulnerability has been assigned a CVSS v3.1 base score of 4.6 (MEDIUM) with the vector string CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N (NVD).

The vulnerability could allow unauthorized access to sensitive data through shortcuts without proper user consent or authentication. This poses a privacy risk as malicious shortcuts could potentially access and manipulate sensitive information without the user being prompted for permission (Apple iOS).

Apple has released security updates to address this vulnerability in iOS 15.7.6 and iPadOS 15.7.6, watchOS 9.5, iOS 16.5 and iPadOS 16.5, and macOS Ventura 13.4. Users are advised to update their devices to these versions or later to protect against this vulnerability (Apple iOS, Apple macOS).