For our customersโ protection, Apple doesnโt disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.
Apple security documents reference vulnerabilities by CVE-ID when possible.
For more information about security, see the Apple Product Security page.
Released February 7, 2019
Shortcuts
Available for: Shortcuts 2.1.2 for iOS
Impact: A local user may be able to view senstive user information
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
CVE-2019-7289: Sem Voigtlรคnder of Fontys Hogeschool ICT
Shortcuts
Available for: Shortcuts 2.1.2 for iOS
Impact: A sandboxed process may be able to circumvent sandbox restrictions
Description: An access issue was addressed with additional sandbox restrictions.
CVE-2019-7290: Avimanyu Roy (@AvimanyuRoy3)
Shortcuts
We would like to acknowledge Sem Voigtlรคnder of Fontys Hogeschool ICT for their assistance.