CVE-2024-23245
CVE-2024-23245
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. Third-party shortcuts may use a legacy action from Automator to send events to apps without user consent.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Affected products
Apple · macOSWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://seclists.org/fulldisclosure/2024/Mar/21http://seclists.org/fulldisclosure/2024/Mar/22http://seclists.org/fulldisclosure/2024/Mar/23https://support.apple.com/en-us/120884https://support.apple.com/en-us/120886https://support.apple.com/en-us/120895https://support.apple.com/en-us/HT214083https://support.apple.com/en-us/HT214084https://support.apple.com/en-us/HT214085https://support.apple.com/kb/HT214083https://support.apple.com/kb/HT214084https://support.apple.com/kb/HT214085