CalvinBackup/iOS18.6.2-Persistent-Automation-Exploit-in-Siri-Shortcuts-and-Apple-SWC
1
0
Fork 0
mirror of https://github.com/JGoyd/iOS18.6.2-Persistent-Automation-Exploit-in-Siri-Shortcuts-and-Apple-SWC.git synced 2026-06-07 21:53:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

README.md

Browse Source
This commit is contained in:
JGoyd
2025-08-20 20:46:57 -04:00
committed by GitHub
parent 4db9177a39
commit 9398a32d34
1 changed files with 40 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+40 -2
View File
@@ -1,2 +1,40 @@
# iOS18.6.2-Persistent-Automation-Exploit-in-Siri-Shortcuts-and-Apple-SWC
This repo documents a vulnerability in Siri Shortcuts and Shared Web Credentials (SWC) allowing malformed payloads to persistently execute, trigger retry storms, bypass TLS validation, and request unauthorized entitlements. Confirmed on iOS 18.6.2 with potential iCloud-based propagation.
# iOS 18.6.2-Persistent-Automation-Exploit-in-Siri-Shortcuts-and-Apple-SWC
This repo documents a vulnerability in Siri Shortcuts and Shared Web Credentials (SWC) allowing malformed payloads to persistently execute, trigger retry storms, bypass TLS validation, and request unauthorized entitlements. Confirmed on iOS 18.6.2 with potential iCloud-based propagation. Once imported into the Shortcuts app and attached to an automation, the payload:
* Executes in the background with no user notification
* Triggers excessive retry storms in `swcd` (71 attempts observed)
* Requests sandbox extensions from system daemons without proper entitlement validation
* Ignores TLS trust mismatches during repeated requests
* Persists across device reboot and application relaunch
This was observed live on an iPhone 14 running iOS 18.6.2 in a production environment.
---
**Reproduction (Minimal Case):**
1. Import a malformed `.shortcut` file into Siri Shortcuts.
2. Configure an automation trigger (e.g., “When app opens” or “At time of day”).
3. Reboot the device or trigger the automation manually.
4. Observe system logs including:
```
[BackgroundShortcutRunner] Ignoring entity property '<private>' because it doesn't have a title.
[swcd] SWCERR00401 Bad JSON content -- {"cause":"invalid character '<'"}
[swcd] SWCERR00303 TLS error -- certificate mismatch
Retries: 71
```
**Impact:**
* Persistent background execution without user awareness
* Denial of service through repeated retries
* Sandbox enforcement bypass attempts via unauthorized daemon extension requests
* TLS trust degradation due to certificate mismatch tolerance
**Environment:**
* Device: iPhone 14
* OS: iOS 18.6.2
* State: Production, live system
---