CVE-2024-23204: 
macOS vulnerability analysis and mitigation

CVE-2024-23204 is a security vulnerability affecting Apple's Shortcuts functionality in iOS 17.3, iPadOS 17.3, macOS Sonoma 14.3, and watchOS 10.3. The vulnerability was discovered by Jubaer Alnazi (@h33tjubaer) and disclosed on January 22, 2024. The issue allows a shortcut to use sensitive data with certain actions without prompting the user (Apple Security).

The vulnerability stems from insufficient permissions checks in the Shortcuts component. A shortcut could potentially access and use sensitive data through certain actions without triggering the required user consent prompts. Apple addressed this security issue by implementing additional permissions checks (NVD). The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (NVD).

The vulnerability could allow unauthorized access to sensitive user data through shortcuts without proper user consent. This poses a significant privacy risk as malicious shortcuts could potentially bypass normal permission requirements and access sensitive information (Apple Security).

Apple has addressed this vulnerability by implementing additional permissions checks in the following updates: iOS 17.3, iPadOS 17.3, macOS Sonoma 14.3, and watchOS 10.3. Users are advised to update their devices to these versions or later to protect against this vulnerability (Apple Security).