Multiple vulnerabilities in Shortcuts for Apple iOS

Published: 2019-02-08 09:43:34
Severity: Low
Patch available: YES
Number of vulnerabilities: 2
CVE ID: CVE-2019-7289, CVE-2019-7290
CVSSv3: 2.9 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
        4.6 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CWE ID: CWE-22, CWE-264
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Shortcuts for iOS
Vulnerable software versions: Shortcuts for iOS 2.1.2
Vendor URL: Apple Inc.

Security Advisory

1) Path traversal

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to improper handling of directory paths in Shortcuts. A local attacker can conduct a directory traversal attack and view sensitive user information.

Remediation

Update to version 2.1.3.

External links

https://support.apple.com/en-us/HT209522

2) Security restrictions bypass

Description

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The vulnerability exists due to an improperly sandboxed process in Shortcuts. A local attacker can circumvent sandbox restrictions.

Remediation

Update to version 2.1.3.

External links

https://support.apple.com/en-us/HT209522
