Critical macOS Shortcuts Flaw Reported by PT SWARM Expert

TECHx, 6 days ago

PT SWARM expert Egor Filatov has discovered a critical vulnerability in Shortcuts, a built-in macOS app used to automate user actions. The flaw, if exploited, could give an attacker full control over a device.
Positive Technologies revealed that the vulnerability is tracked as BDU:2025-02497 and carries a severity score of 8.6 out of 10 on the CVSS 3.0 scale. It affects Shortcuts version 7.0 (2607.1.3). The app has been part of macOS since Monterey, and is also supported in Ventura, Sonoma, and Sequoia.
If a compromised device is connected to a corporate network, attackers could infiltrate the internal infrastructure. Filatov warned that it would be enough for a victim to run a malicious macro unknowingly.
Positive Technologies reported that the vendor was notified in line with responsible disclosure policies. A patch has already been issued. Users are advised to upgrade to macOS Sequoia 15.5 or later.
If an OS update is not possible, users should avoid downloading unknown shortcuts or stop using the app altogether.
According to the report, possible consequences of exploitation include:
  • Theft or deletion of sensitive data
  • Remote malware installation and ransomware attacks
  • Business disruption in corporate environments
The company emphasized that threat actors could upload infected shortcut templates to the app's library. Before the patch, the flaw could be used to bypass macOS security and execute arbitrary code.
Positive Technologies has a long track record of studying Apple products. In 2018, its researchers discovered a firmware flaw in Intel Management Engine that affected Apple computers. In 2017, vulnerabilities in Apple Pay were reported, allowing unauthorized transactions.
The Shortcuts app is also available on iOS. To prevent threats on mobile, companies are advised to use solutions like PT MAZE. It protects apps by making reverse engineering difficult and costly for attackers.


