The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able to use sensitive data with certain actions without prompting the user.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2024/Jan/33 | Third Party Advisory |
http://seclists.org/fulldisclosure/2024/Jan/36 | Third Party Advisory |
http://seclists.org/fulldisclosure/2024/Jan/39 | Third Party Advisory |
http://seclists.org/fulldisclosure/2024/Mar/22 | |
http://seclists.org/fulldisclosure/2024/Mar/23 | |
https://support.apple.com/en-us/HT214059 | Release Notes Vendor Advisory |
https://support.apple.com/en-us/HT214060 | Release Notes Vendor Advisory |
https://support.apple.com/en-us/HT214061 | Release Notes Vendor Advisory |
https://support.apple.com/kb/HT214082 | |
https://support.apple.com/kb/HT214083 | |
https://support.apple.com/kb/HT214085 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apple
Published: 2024-01-23T00:25:30.276Z
Updated: 2024-01-23T00:25:30.276Z
Reserved: 2024-01-12T22:22:21.475Z
Link: CVE-2024-23204
JSON object: View
NVD Information
Status : Modified
Published: 2024-01-23T01:15:10.787
Modified: 2024-03-13T23:15:45.887
Link: CVE-2024-23204
JSON object: View
Redhat Information
No data.
CWE