Apple iOS 17.4 Set to Address Security Flaws Found in iOS 17.3, Including CVE-2024-23204

ICARO Media Group
24/02/2024 15h13

Apple is gearing up to release iOS 17.4 in the coming days, aiming to address critical security vulnerabilities that were discovered in the previous iOS 17.3 update. One of the issues fixed in iOS 17.3, known as CVE-2024-23204, was reported by Jubaer Alnazi, a researcher at Bitdefender. This particular vulnerability affected Apple's Shortcuts application, potentially allowing attackers to access sensitive data without user permission.

The flaw, which received a CVSS score of 7.5, affected devices running macOS versions prior to Sonoma 14.3 and iOS and iPadOS versions prior to 17.3. Because shortcuts can be distributed through various sharing platforms, Shortcuts, a popular feature for task management, inadvertently created a risk of malicious shortcuts spreading.

CVE-2024-23204 enabled attackers to bypass Apple's Transparency, Consent, and Control (TCC) security framework, which governs access to user data and system resources. Installing a malicious shortcut required user interaction, however, and experts like Sean Wright highlighted that the need for user action limited the likelihood of a successful attack.

To mitigate the risk of exploitation, iPhone users are advised to update their devices to the latest software versions, including iOS 17.3.1. Bitdefender also recommends updating macOS, iPadOS, and watchOS devices to stay protected against potential security threats. Additionally, users should exercise caution when executing shortcuts from untrusted sources and regularly check for security updates from Apple to maintain device security.
