Apple shortcuts are broken - here's why I INQUIRER.net USA
 
 
 
 
 
 

Apple shortcuts are broken – here’s why

/ 09:42 AM September 14, 2021

Back on March 23, every link to Apple shortcuts experienced an accidental downtime. Whereas, Apple’s automation tool suddenly broke and took two days to resolve the mishap. What transpired during that downtime is that users start reporting error messages when they try to access shared shortcuts.

According to 9to5Mac, this unusual issue was a concern of content creators who usually share shortcuts to their followers via iCloud. Concerning this, the real reason is; Detectify Co-Founder Frans Rosen had accidentally deleted the Shortcuts.

As Rosen noted, he began searching for security defects in the framework of Apple Cloudkit. With several misconfiguration flaws he found, he was able to modify the information stored in iCloud databases and “delete any channel or article, including stock entries, in the storage com.apple.news.public being used for the Stock and Apple News iOS-apps.”

Rosen also said that he was ”curious” to check if any specific data can be modified with the accessibility to public Cloudkit containers. He discovered that connect to Cloudkit with various APIs. The researcher said that there are three scopes in the containers – Public (anyone can access), Private (you’re the only one who has access), Shared (can be shared between users).

What prompted the misconfiguration

Detectify said that the issue found in Apple shortcuts “caused all Shortcut sharing links to break, and it was quickly noticed amongst Apple users, media reporters, and especially Shortcuts fans”.

According to Rosen, he had tried various ways to delete public zones before. However, it was always denied. But while working in the Apple Shortcuts database, he found he can create zones. He also received an “OK” message while attempting to delete a default zone.

ADVERTISEMENT
Apple shortcuts are broken - Here's why

Apple logo is seen on the Apple store at The Marche Saint Germain in Paris, France July 15, 2020. REUTERS/Gonzalo Fuentes/File Photo/File Photo

In a nutshell, Apple shortcuts misconfiguration is the culprit. Rosen shared. “I now realized that the deletion did somehow work, but that the _defaultZone never disappeared. When I tried sharing a new shortcut, it also didn’t work, at least not to begin with, most likely due to the deleted record types .”

When it came at this point, Rosen immediately contacted Apple’s security team. Apple asked him to stop immediately. Then, Apple’s Security team started to fix the issue by restoring Apple Shortcuts’ functionalities. They also resolved the problem by refining security controls and panels. Apple team also removed the options of creating and deleting public zones.

While this incident has Rosen panicking, he received a bug bounty worth $28,000 for his discovery. This causes unintentional downtime for Apple users.

Rosen also earned bounties of $24,000 and $12,000 with the other vulnerabilities in Apple News and iCrowd.

An Apple spokesperson said, “We would like to thank this researcher for working side by side with us to keep our users and their data safe. He immediately reported his actions so that we were able to quickly fix the issues documented and restore functionality after the researcher unintentionally disrupted the ability to use iCloud sharing links for Apple shortcuts.”

Want stories like this delivered straight to your inbox? Stay informed. Stay ahead. Subscribe to InqMORNING

Don't miss out on the latest news and information.
TAGS: Apple, iPhone, Software
For feedback, complaints, or inquiries, contact us.
Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.




This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies. Learn more here.