Extract Archive Arbitrary Write Vulnerability
Writeup of awesome vulnerability with the extract archive action that allows you to arbitrary write to directories that Shortcuts has access to
Shortcuts File Format Documentation
Introduction to the Shortcuts File Format
iOS 15.0-15.3.1 Hide Actions Vulnerability
Leet vuln to hide actions when viewing the shortcut, but having them still run. iOS 15.0-15.3.1 and macOS 12.0-12.? affected, watchOS untested. I did a pretty nice talk about it on twitter so I'm linking to it here for the moment.
CVE-2021-30763
ActionKit vuln, Internet Permission bypass for shortcuts. While it's claimed to be fixed in iOS 14.7, only some actions were patched, it's still possible to exploit it on 14.8.1 by using different actions ex Make Archive. Fully patched in iOS 15.0. The vuln here is simply just using https:/ or https: instead of https:// lol.