====================================================================

                             CERT-Renater

                 Note d'Information No. 2019/VULN037

_____________________________________________________________________

DATE                : 08/02/2019

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): iOS running Shortcuts versions prior to 2.1.3.

=====================================================================
https://lists.apple.com/archives/security-announce/2019/Feb/msg00002.html
_____________________________________________________________________

APPLE-SA-2019-2-07-3 Shortcuts 2.1.3 for iOS

Shortcuts 2.1.3 for iOS is now available and addresses the following:

Shortcuts
Available for: Shortcuts 2.1.2 for iOS
Impact: A local user may be able to view senstive user information
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2019-7289: Sem Voigtländer of Fontys Hogeschool ICT

Shortcuts
Available for: Shortcuts 2.1.2 for iOS
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2019-7290: Avimanyu Roy (@AvimanyuRoy3)

Additional recognition

Shortcuts
We would like to acknowledge Sem Voigtländer of Fontys Hogeschool
ICT for their assistance.

Installation note:

Shortcuts 2.1.3 for iOS may be obtained from the App Store.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================