• About Us
  • Advertising
  • Digital Magazine
  • Supplements
  • Media Pack
  • Privacy Policy
  • Contact us
CXO Insight Middle East
  • News
  • Opinion
  • Business
    • Industries
      • Transport
      • Retail
      • Government
      • Real Estate
      • Education
      • Energy
      • Banking and Finance
    • Channel
  • Future
    • Tech
    • Gadgets
    • Science
    • Space
    • Sustainability
  • Events
    • Channel Insights Summit 2025
    • Insight Innovation Summit
    • CXO50 Oman
    • CXO50
    • ICT Awards
      • Dubai 2025
      • Saudi Arabia
    • Cyber Strategists Summit
    • Cloud Connect 2025
    • Channel Awards 2024
    • All events
  • Digital Magazine
  • GITEX GLOBAL
No Result
View All Result
CXO Insight Middle East
  • News
  • Opinion
  • Business
    • Industries
      • Transport
      • Retail
      • Government
      • Real Estate
      • Education
      • Energy
      • Banking and Finance
    • Channel
  • Future
    • Tech
    • Gadgets
    • Science
    • Space
    • Sustainability
  • Events
    • Channel Insights Summit 2025
    • Insight Innovation Summit
    • CXO50 Oman
    • CXO50
    • ICT Awards
      • Dubai 2025
      • Saudi Arabia
    • Cyber Strategists Summit
    • Cloud Connect 2025
    • Channel Awards 2024
    • All events
  • Digital Magazine
  • GITEX GLOBAL
No Result
View All Result
CXO Insight Middle East
No Result
View All Result

Positive Technologies discover a vulnerability in Apple’s Shortcuts app

by CXO Staff
June 24, 2025
in Future, News, Tech

PT SWARM expert Egor Filatov found a critical vulnerability in Shortcuts, a built-in macOS app that streamlines device management by automating repetitive user actions

Positive Technologies discover a vulnerability in Apple’s Shortcuts app

PT SWARM expert Egor Filatov found a critical vulnerability in Shortcuts, a built-in macOS app that streamlines device management by automating repetitive user actions. If successfully exploited, the security flaw could allow an attacker to gain full control over the device, including the ability to read, edit, and delete any data. If the compromised device happens to be a laptop connected to a corporate network, the attacker could also infiltrate the internal company infrastructure.

The vulnerability, tracked as BDU:2025-02497 and rated 8.6 out of 10 on the CVSS 3.0 scale, affects Shortcuts 7.0 (2607.1.3). The vendor was notified of the threat in line with the responsible disclosure policy and has already released a software patch. Users are advised to upgrade to macOS Sequoia 15.5 or later. If updating the OS is currently not possible, Positive Technologies recommends users to pay close attention to the downloaded shortcuts before running them or avoid using them altogether.

The Shortcuts app was introduced with macOS Monterey back in 2021 and has been supported in macOS Ventura, Sonoma, and Sequoia versions over the past four years. With the app, users can create shortcuts to automate various tasks, such as starting a timer, playing music, or converting text to audio. Users also have access to macros[1] that provide ready-made shortcuts. A threat actor could leverage this functionality by uploading infected templates to the library. For the security flaw to be exploited, it would be enough for the victim to inadvertently run a malicious macro on their device.

“An attacker could exploit this vulnerability to target any Shortcuts user,” said Egor Filatov, Junior Mobile Application Security Researcher at Positive Technologies. “Before remediation, the vulnerability allowed an attacker to bypass macOS security mechanisms and execute arbitrary code on the victim’s system.”

According to the expert, the potential consequences of successful attacks include the following:

  • Theft of confidential data or deletion of valuable information
  • Malware execution
  • Installation of backdoors[2] aimed at maintaining access to the system even after vulnerability patching
  • Ransomware[3] infection
  • Disruption to the organisation’s business processes (if a corporate device is compromised)

Positive Technologies experts have been studying Apple products for over a decade. In 2018, Maxim Goryachy and Mark Ermolov, while looking for security flaws in Intel Management Engine, found a firmware vulnerability (CVE-2018-4251) affecting personal computers made by Apple and other manufacturers. In 2017, Timur Yunusov warned the community about multiple security gaps he discovered in Apple Pay: by exploiting the vulnerabilities, attackers could compromise users’ bank cards and make unauthorised payments on external resources. Before that, another Positive Technologies researcher found and helped eliminate a critical vulnerability in the apple.com website, which could allow an adversary to conduct a directory traversal attack and gain access to private data.

In addition to the macOS version of Shortcuts, there is also an iOS version of the app for mobile devices. To prevent threat actors from infiltrating the corporate network via vulnerable mobile apps, companies should protect their apps against reverse engineering. This can be done with solutions such as PT MAZE, which turns the application into an impenetrable maze, making attacks too resource-intensive for adversaries.


[1] A macro is a pre-programmed sequence of actions defined by the user.

[2] A backdoor is a type of malware that allows unauthorised access to data or enables remote control of the compromised system. Typically, an attacker installs a backdoor on a target system for future access.

[3] Ransomware is a type of malware that encrypts a victim’s files or locks them out of their computer system, giving the attacker control over any personal information stored on the compromised device. The attacker can then demand a ransom, threatening to leave the files or system inaccessible to the victim or to disclose confidential data if the ransom is not paid.

Tags: ApplePositive TechnologiesShortcuts app
ShareTweet

Related Posts

Beyond vision: Ericsson’s Petra Schirren on an execution-first strategy for the Gulf’s digital future
Future

Beyond vision: Ericsson’s Petra Schirren on an execution-first strategy for the Gulf’s digital future

Across the Gulf, the race to become a global leader in digital infrastructure is accelerating. With bold national visions, strategic...

July 25, 2025
SentinelOne solutions join new AWS Marketplace AI Agents and Tools category
Future

SentinelOne solutions join new AWS Marketplace AI Agents and Tools category

SentinelOne announced the availability of Singularity Cloud Security and Singularity AI SIEM. This includes Purple AI, the industry’s most advanced...

July 25, 2025

Discussion about this post

Latest Issue

Beyond vision: Ericsson’s Petra Schirren on an execution-first strategy for the Gulf’s digital future

Beyond vision: Ericsson’s Petra Schirren on an execution-first strategy for the Gulf’s digital future

July 25, 2025
SentinelOne solutions join new AWS Marketplace AI Agents and Tools category

SentinelOne solutions join new AWS Marketplace AI Agents and Tools category

July 25, 2025
UAE’s EDGE, Pavo Group launch new JV in defence technology

UAE’s EDGE, Pavo Group launch new JV in defence technology

July 24, 2025

The most trusted source of strategic intelligence for IT decision makers in the Middle East.

About

  • About Us
  • Advertising
  • Digital Magazine
  • Supplements
  • Media Pack
  • Contact Us

Policies

  • Privacy Policy
© 2025 – CXO Insight Middle East. All Rights Reserved.
Facebook-f X-twitter Linkedin
Separated they live in Bookmarksgrove right at the coast of the Semantics, a large language ocean. A small river named Duden.

About

  • About Us
  • Site Map
  • Contact Us
  • Career

Policies

  • Help Center
  • Privacy Policy
  • Cookie Setting
  • Term Of Use

Join Our Newsletter

© 2024 – CXO Insight Middle East. All Rights Reserved.

Facebook-f Twitter Youtube Instagram

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Join our mailing list
Sign up here to get the latest news, updates and special offers delivered directly to your inbox.
No Result
View All Result
  • News
  • Opinions
  • Business
    • Industries
      • Transport
      • Retail
      • Government
      • Real Estate
      • Education
      • Energy
      • Banking and Finance
  • Channel
  • Future
    • Tech
    • Gadgets
    • Science
    • Space
    • Sustainability
  • Events
    • Channel Insights Summit 2025
    • Insight Innovation Summit
    • CX50 Oman
    • CXO50
    • ICT Awards
      • Dubai
      • Saudi Arabia
    • Cyber Strategists Summit
    • Cloud Connect 2025
    • Channel Awards 2023
    • All events
  • Videos
  • GITEX GLOBAL
  • Digital Magazine

© 2025 - CXO Insight Middle East. All Rights Reserved.