414 matches found
CVE-2025-43184
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.7.7, macOS Ventura 13.7.7, macOS Sequoia 15.4. A shortcut may be able to bypass sensitive Shortcuts app settings...
CVE-2025-43184
CVE-2025-43184 affects macOS Shortcuts settings handling. The issue involves bypassing sensitive Shortcuts app settings, which was addressed by adding an additional user-consent prompt. Apple patches are available in macOS Sonoma 14.7.7, macOS Ventura 13.7.7, and macOS Sequoia 15.4. The underlyin...
CVE-2025-43184
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. A shortcut may be able to bypass sensitive Shortcuts app settings...
CVE-2024-12310
A vulnerability in Imprivata Enterprise Access Management formerly Imprivata OneSign allows bypassing the login screen of the shared kiosk workstation and allows unauthorized access to the underlying Windows system through the already logged-in autologon account due to insufficient handling of...
CVE-2024-12310 Bypass of Login Screen on Shared Kiosk Workstations
A vulnerability in Imprivata Enterprise Access Management formerly Imprivata OneSign allows bypassing the login screen of the shared kiosk workstation and allows unauthorized access to the underlying Windows system through the already logged-in autologon account due to insufficient handling of...
CVE-2024-12310
CVE-2024-12310 concerns Imprivata Enterprise Access Management (formerly Imprivata OneSign). Connected documents confirm a vulnerability where insufficient handling of keyboard shortcuts allows bypassing the shared kiosk login screen and gaining unauthorized access to the underlying Windows syste...
CVE-2024-12310 Bypass of Login Screen on Shared Kiosk Workstations
A vulnerability in Imprivata Enterprise Access Management formerly Imprivata OneSign allows bypassing the login screen of the shared kiosk workstation and allows unauthorized access to the underlying Windows system through the already logged-in autologon account due to insufficient handling of...
Imprivata Enterprise Access Management 授权问题漏洞
Imprivata Enterprise Access Management is an identity and access management system from Imprivata Corporation, USA. An authorization issue vulnerability exists in Imprivata Enterprise Access Management versions 5.3 through 24.2, which stems from insufficient handling of keyboard shortcuts and cou...
New Malware Campaign Uses Cloudflare Tunnels to Deliver RATs via Phishing Chains
A new campaign is making use of Cloudflare Tunnel subdomains to host malicious payloads and deliver them via malicious attachments embedded in phishing emails. The ongoing campaign has been codenamed SERPENTINECLOUD by Securonix. It leverages "the Cloudflare Tunnel infrastructure and Python-based...
CVE-2024-40834
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A shortcut may be able to bypass sensitive Shortcuts app settings...
CVE-2024-40833
A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A shortcut may be able to use sensitive data with certain actions without prompting the user...
CVE-2024-40835
A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, watchOS 10.6. A shortcut may be able to use sensitive data with certain actions without prompting the us...
CVE-2024-27855
The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. A shortcut may be able to use sensitive data with certain actions without prompting the user...
CVE-2023-32442
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8. A shortcut may be able to modify sensitive Shortcuts app settings...
CVE-2023-27963
The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. A shortcut may be able to use sensitive data with certain actions without prompting the use...
CVE-2023-21177
In requestAppKeyboardShortcuts of WindowManagerService.java, there is a possible way to infer the app a user is interacting with due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVE-2022-44561
The preset launcher module has a permission verification vulnerability. Successful exploitation of this vulnerability makes unauthorized apps add arbitrary widgets and shortcuts without interaction...
CVE-2021-1831
The issue was addressed with improved permissions logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may allow shortcuts to access restricted files...
CVE-2020-36408
A stored cross scripting XSS vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Shortcut" parameter under the "Manage Shortcuts" module...
The vulnerability of the macOS operating system’s Shortcuts component allows a hacker to bypass existing security restrictions and execute arbitrary code.
The vulnerability of the macOS operating system’s Shortcuts component is related to errors in the implementation of security checks for standard elements. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and execute arbitrary code by sending specially crafted...