From 9398a32d34df98da372d9889e3439e97a7fcaa68 Mon Sep 17 00:00:00 2001 From: JGoyd Date: Wed, 20 Aug 2025 20:46:57 -0400 Subject: [PATCH] README.md --- README.md | 42 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 40 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 424ba19..f114457 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,40 @@ -# iOS18.6.2-Persistent-Automation-Exploit-in-Siri-Shortcuts-and-Apple-SWC -This repo documents a vulnerability in Siri Shortcuts and Shared Web Credentials (SWC) allowing malformed payloads to persistently execute, trigger retry storms, bypass TLS validation, and request unauthorized entitlements. Confirmed on iOS 18.6.2 with potential iCloud-based propagation. +# iOS 18.6.2-Persistent-Automation-Exploit-in-Siri-Shortcuts-and-Apple-SWC +This repo documents a vulnerability in Siri Shortcuts and Shared Web Credentials (SWC) allowing malformed payloads to persistently execute, trigger retry storms, bypass TLS validation, and request unauthorized entitlements. Confirmed on iOS 18.6.2 with potential iCloud-based propagation. Once imported into the Shortcuts app and attached to an automation, the payload: + +* Executes in the background with no user notification +* Triggers excessive retry storms in `swcd` (71 attempts observed) +* Requests sandbox extensions from system daemons without proper entitlement validation +* Ignores TLS trust mismatches during repeated requests +* Persists across device reboot and application relaunch + +This was observed live on an iPhone 14 running iOS 18.6.2 in a production environment. +--- + +**Reproduction (Minimal Case):** + +1. Import a malformed `.shortcut` file into Siri Shortcuts. +2. Configure an automation trigger (e.g., “When app opens” or “At time of day”). +3. Reboot the device or trigger the automation manually. +4. Observe system logs including: + +``` +[BackgroundShortcutRunner] Ignoring entity property '' because it doesn't have a title. +[swcd] SWCERR00401 Bad JSON content -- {"cause":"invalid character '<'"} +[swcd] SWCERR00303 TLS error -- certificate mismatch +Retries: 71 +``` + +**Impact:** + +* Persistent background execution without user awareness +* Denial of service through repeated retries +* Sandbox enforcement bypass attempts via unauthorized daemon extension requests +* TLS trust degradation due to certificate mismatch tolerance + +**Environment:** + +* Device: iPhone 14 +* OS: iOS 18.6.2 +* State: Production, live system + +---