Full Disclosure mailing list archives

(iOS 18.6.2) Improper Input Validation in Siri Shortcuts and Shared Web Credentials
From: josephgoyd via Fulldisclosure <fulldisclosure () seclists org>
Date: Thu, 21 Aug 2025 01:06:55 +0000

Improper Input Validation in Siri Shortcuts and Shared Web Credentials
Enables Persistent Background Execution, Retry Storms, and Sandbox Extension Abuse

Date Discovered: August 20, 2025
Discovered By: Joseph Goydish II

Affected:
- iOS/macOS versions supporting Siri Shortcuts + Shared Web Credentials (SWC)
- Confirmed on iPhone 14 Pro Max / iOS 18.6.2

CWE Classification:
- CWE-20: Improper Input Validation
- CWE-184: Incomplete List of Disallowed Inputs
- CWE-307: Improper Restriction of Excessive Authentication Attempts
- CWE-284: Improper Access Control

Impact Summary:
- Silent and persistent background execution of invalid workflows
- Unauthorized sandbox extension requests from system daemons
- Retry storms (71 attempts observed) in swcd
- TLS trust mismatches ignored during repeated network requests
- Persistence across reboots and relaunch

CVSS v4.0 Base Score: 7.4 (High)

Vulnerability Details:
1. Siri Shortcuts accepts malformed payloads containing null fields (e.g., WFLinkEntityContentItem.title) without rejection.
2. BackgroundShortcutRunner executes payloads silently, no error or notification.
3. swcd retries malformed JSON responses up to 71 times, ignoring TLS mismatches.
4. System daemons (siriknowledged, searchd) issue entitlement requests despite denial.
5. Malicious automations persist after reboot or app relaunch.

Delivery Vectors:
- Injection via iCloud Shortcut sync or MobileDevice API
- Stored at /var/mobile/Library/Shortcuts/
- Auto-triggered via automation profiles

Suggested Remediations:
- Siri Shortcuts: Reject malformed inputs
- SWC: Cap retries to 3
- TLS: Enforce strict chain validation, abort on mismatch
- Automation framework: Require runtime permission for network-enabled workflows
- Logging: Flag anomalous retry patterns

Artifacts:
- swcutil dump (Aug 20, 2025)
- Console trace (video capture available)

Full technical report (PDF):
https://github.com/JGoyd/iOS18.6.2-Persistent-Automation-Exploit-in-Siri-Shortcuts-and-Apple-SWC

---
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
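
Editor's added example (not code from the post, from Apple, or from swcd): a small retry policy that models the remediations suggested above, namely capping attempts at 3, treating a TLS trust failure and a malformed response as non-retryable so the client aborts on the first one instead of looping, and flagging any URL whose attempt count exceeds the cap as an anomaly. All names (fetch_with_policy, TLSTrustError, MalformedResponse, TransientError, flag_retry_storms) are hypothetical, and the transports are constructed stand-ins for network behaviour so the block runs offline.

```python
"""Bounded retry policy with non-retryable error classes and a retry-storm flag.

Hypothetical, added example. It is NOT swcd or any Apple code; it only models
the remediations the post suggests: cap retries at 3, abort on a TLS trust
failure rather than retrying, and flag anomalous attempt counts for logging.
"""
from collections import Counter
from typing import Callable, Dict, List, Tuple

MAX_ATTEMPTS = 3  # hard cap per request, per the suggested remediation


class TLSTrustError(Exception):
    """Certificate chain/hostname did not validate. Never retry: the peer is wrong, not flaky."""


class MalformedResponse(Exception):
    """Body failed parsing or schema checks. Never retry: the same bytes will come back."""


class TransientError(Exception):
    """Timeout, reset, 5xx. A bounded number of retries is reasonable."""


def fetch_with_policy(url: str, transport: Callable[[str], dict],
                      attempts_log: Counter) -> dict:
    """Call transport(url) at most MAX_ATTEMPTS times.

    transport is injected so the example runs offline; a real one would do the
    HTTPS request and raise one of the exceptions above. attempts_log counts
    every attempt per URL so a detector can inspect it afterwards.
    """
    for attempt in range(1, MAX_ATTEMPTS + 1):
        attempts_log[url] += 1
        try:
            return transport(url)
        except (TLSTrustError, MalformedResponse):
            raise  # non-retryable: stop on the first failure
        except TransientError:
            if attempt == MAX_ATTEMPTS:
                raise  # cap reached: surface the error instead of looping
    raise AssertionError("unreachable")


def flag_retry_storms(attempts: Dict[str, int], threshold: int = MAX_ATTEMPTS) -> List[str]:
    """Return URLs whose attempt count exceeds threshold (worth an alert, not just a log line)."""
    return sorted(u for u, n in attempts.items() if n > threshold)


# --- constructed transports standing in for network behaviour (not real traffic) ---
def always_tls_mismatch(url: str) -> dict:
    raise TLSTrustError("hostname mismatch")


def always_malformed(url: str) -> dict:
    raise MalformedResponse("invalid JSON")


def always_timeout(url: str) -> dict:
    raise TransientError("timeout")


def make_flaky(failures_before_success: int) -> Callable[[str], dict]:
    """Transport that fails transiently N times, then returns a valid body."""
    count = {"n": 0}

    def transport(url: str) -> dict:
        count["n"] += 1
        if count["n"] <= failures_before_success:
            raise TransientError("timeout")
        return {"ok": True}

    return transport


def run_scenarios() -> Dict[str, Tuple[str, int]]:
    """Run each constructed transport through the policy; return (outcome, attempts) per case."""
    log: Counter = Counter()
    cases = {
        "tls": always_tls_mismatch,
        "malformed": always_malformed,
        "timeout": always_timeout,
        "flaky": make_flaky(2),
    }
    results: Dict[str, Tuple[str, int]] = {}
    for name, transport in cases.items():
        url = f"https://{name}.example/constructed"  # constructed URL, not a real host
        try:
            fetch_with_policy(url, transport, log)
            results[name] = ("ok", log[url])
        except Exception as exc:
            results[name] = (type(exc).__name__, log[url])
    return results


if __name__ == "__main__":
    for case, (outcome, n) in run_scenarios().items():
        print(f"{case:10s} -> {outcome} after {n} attempt(s)")
    # Constructed uncapped log matching the 71 attempts the post describes.
    print("storms:", flag_retry_storms({"https://storm.example/constructed": 71}))
```

The point of the three exception classes is that "retryable" is a property of the failure, not of the request: a trust mismatch or an unparseable body will not improve on the next attempt, so retrying them only multiplies the damage, while a genuine transient fault is retried at most twice more. The detector is deliberately dumb (count per URL, compare to the cap) because that is enough to surface a 71-attempt loop in a log review.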