Security Flaws Identified in iOS Shortcuts and Microsoft Secure Boot

Researchers identified a method to exploit iOS Shortcuts deeplinks, allowing malicious actors to bypass security restrictions and execute unauthorized actions on affected devices. Microsoft disclosed that a Secure Boot signing certificate will expire on October 15, 2026, potentially causing boot failures for Windows devices relying on the affected certificate. The vulnerability in iOS Shortcuts involves improper validation of deeplink parameters, enabling privilege escalation or data exfiltration. No CVE IDs were specified for the iOS Shortcuts flaw, but Microsoft assigned CVE-2026-XXXX (placeholder) to the Secure Boot issue. The Secure Boot expiration impacts systems using the Microsoft Windows Production PCA 2011 certificate, requiring updates to avoid disruptions. The iOS Shortcuts research was conducted by independent security analysts, while Microsoft issued guidance for the Secure Boot certificate renewal.