Shortcuts Apple Shortcuts

stack.watch can email you when security vulnerabilities are reported in Apple Shortcuts. You can add multiple products that you use with Shortcuts to create your own personal software stack watcher.

By the Year

In 2021 there have been 0 vulnerabilities in Apple Shortcuts . Shortcuts did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2021 0 0.00
2020 0 0.00
2019 2 7.75
2018 0 0.00

It may take a day or so for new Shortcuts vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest Apple Shortcuts Security Vulnerabilities

An access issue was addressed with additional sandbox restrictions

CVE-2019-7290 10 - Critical - December 18, 2019

An access issue was addressed with additional sandbox restrictions. This issue is fixed in Shortcuts 2.1.3 for iOS. A sandboxed process may be able to circumvent sandbox restrictions.

CVE-2019-7290 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.

Externally Controlled Reference to a Resource in Another Sphere

A parsing issue in the handling of directory paths was addressed with improved path validation

CVE-2019-7289 5.5 - Medium - December 18, 2019

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Shortcuts 2.1.3 for iOS. A local user may be able to view senstive user information.

CVE-2019-7289 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Directory traversal