What is "ShortcutsActions" and why is it accessing contacts on my iPhone?

There is NO SECURITY ISSUE. The APPLE apps on your iPhone routinely exchange information in order to serve your needs and requests. The information never leaves your iPhone. No on can see it but you. Any other belief is a “conspiracy theory”.

Appreciate the engagement, but I’m not here to be yelled at or belittled.

Whatever with Shortcuts specifically; it’s the least of my concerns. I’m looking for qualified help with a compromised device. Realize I should start a new thread but, if this isn’t your area of expertise, you could simply say so or say nothing.

Carking2013 wrote:

I’m sorry but I have a hard time trusting anything you say. You keep saying it’s not a security issue but I have several trusted sources (including apple support) stating that these issues are NOT normal and highly uncommon. I would appreciate it if you would do your research before, in so many words, commenting “it’s fine just ignore it.” You have given no real advice here.

You are wrong, simple as.

Attempting to fashion hats in the tin foil aisle has consistently delivered; I recall the Mensa Entrance Exam being a bit fraught as well — might have been the hat there too, now that I think about it.

In reality, I’ve worked in endpoint security for years. My devices have reproducible anomalies and I have a legitimate reason to consider a targeted hack. No one is talking to me through the TV. 

Likewise, no one is providing useful guidance here, so I’m going to bow out of this exchange, fun as it’s been. 

Hello everyone

no expert on this specific topic or ios related security but due to my general experience with other security related incidents i would recommend those wo are affected or interested or concerned these steps:

1. Look in the files App, there is maybe local on your IPhone or in the cloud a shortcuts folder that could contain files related with your problem. (That doesn’t mean there is a virus.shortcut file but maybe some old stuff you forgot about that explains the behavior)
2. Check if the shortcuts app also shows up on your battery usage and or screen time.
3. if it is possible for you (you don’t have to be an expert but you should have some experience in the field)keep an eye on the network traffic of the device in your wifi network, maybe you can find some suspicious activity or addresses in the traffic. But no guarantee here either.
4. don’t listen to me and don’t freak out, give the real experts time to do there job.And remember just because it could be doesn't mean it is.

greetings Wayne

Hello there

Still no expert but i think taht you’re right on the topic. After i had some time after work to look through the same report on my own devices i noticed that chronologically almost every entry matches with sharing contents or other things I’ve done with the sharesheet.

But i feel the need to add some critiques here too. I think that metaphorical speaking “just projecting the tinfoil on someone’s head” in a discussion like this one is wrong. People maybe aren't affected but they feel like they were and just saying that it can’t be because “encryption and told you so”wont help them. Maybe you and me know in our certain specialized topics what’s most likely going on behind the Ui but to someone who don’t has certain key elements of experience made or don’t posses the necessary knowledge in the topic, they will continue to feel uncomfortable. I think in a community discussion the focus should be more on the people that make up the community and not on spitting raw facts. We should not only share our knowledge and experience specially in security related topics, we should try to give the people something they can learn from.

And please don’t take this personally, ive seen a couple of discussions here with similar answers in it and today i just wanted to address it.

But to end this too long text, I have one question for you: how many Zero days are in the current version of IOS?

greetings wayne

Shel7585 wrote:

I had the same issue. (I posted a question yesterday no one responded too yet). I noticed shortcut actions on my App Privacy Report and did have the short cut app deleted right when I got the phone too. I don’t use it. I have a screenshot showing the shortcut actions ghost icon recently being used….I THEN AFTER downloaded the ShortCut App from the App Store and it was toggling on for “saved to iCloud’ in settings. and when u go to Apps in settings it was toggled on for ‘iCloud sync’. The shortcut app had some already pre set up shortcuts such as duck duck go VPN (which I don’t have), Wells Fargo, check in, outlook, tik tok, Amazon, clock, newsbreak, music recognition.

I don't see any problem there.

Hey just found this thread because I was wondering the same thing when looking at my Data & Sensor access.

For everyone who is insisting that it has to do with the shortcuts app— I am an avid shortcut enthusiast and actively use the app. As you can see in my screenshot this is something separate. It raises red flags for me because I'm familiar with the ongoings of my phone and am fully aware of every shortcut I have; how and when they operate.

I do not have any shortcuts that call on contact access nor would the sharing of contacts EVER take place with the shortcuts app unless triggered manually or via automation by the user. As you can see in my screenshot as well, the frequency in which it happens on seemingly randomized times and dates is definitely something worth looking into or else I wouldn't be here.

It takes a special kind to be so naïve as to think Apple is truly impenetrable and then use that closed off way of thinking to condescend to others. Its pretentious c*nty behavior at best.

But don't mind me, it's probably just the aluminum toxicity from my foil hat speaking.

[Edited by Moderator]

How can you prove a negative? That is 1000% ridiculous.

You have a bunch of apps internal to your phone. They all talk to each other, so they can provide the features you want, or may want sometime, to use. They don’t talk to anyone or anything outside your phone. Where is the security issue here?

If you truly believe it is somehow a security problem then get rid of your iPhone. And don’t get an Android; apps on an Android also share internal data.

Your only option is to get a dumb flip phone, and never use any smartphone or computer again. All computers share internal data between apps also. Of course, flip phones also share a lot of data with the cellular network, so that isn’t an option, either. Give up all mobile phones, and get a hard-wired copper connected dial phone. If you can find a carrier who will still install copper.

Apple released iOS 18.5 on May 12.

The 18.5 security release notes explicitly credit ZUSO ART for identifying vulnerabilities in Shortcuts.

ZUSO ART (Advanced Research Team) is an authorized CVE Numbering Authority. 

CVE refers to the Common Vulnerabilities and Exposures system, an internationally accepted methodology for identifying and cataloging cybersecurity vulnerabilities.

Numbering Authorities verify these vulnerabilities, and are certified to do so by the Department of Homeland Security, amongst others. 

Security exploits addressed in 18.5 include arbitrary code execution and access to sensitive data, amongst many others. 

This isn’t speculation; it’s directly from Apple, which makes your steadfast denials so galling. 

It’s also not Shortcut’s first vulnerability. For example, in 2024 Apple patched the app’s ability for hackers to access sensitive data without invoking user permissions.

I’m not saying everyone posting here (myself included) is the victim of a Shortcuts exploit, but it is arrogant, ignorant, and demonstrably false to suggest that no one is or could be.

[Edited by Moderator]

Did you read far enough to see that this was blocked in 18.4? And that it is not listed in 18.5? The CVE is always listed in the security report, so the fact that it IS listed in 18.4 as resolved, and not in 18.5 means that it was fixed 2 versions earlier. ZUZO was just belatedly given credit. Here is the full CVE (note that ZUZO was not given credit, probably an accidental omission):

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: A shortcut may be able to access files that are normally inaccessible to the Shortcuts app

Description: This issue was addressed with improved access restrictions.

CVE-2025-30433: Andrew James Gonzalez

And notice that it talks about Shortcuts being able to override FILE access restrictions, and, of course, only if Shortcuts has been hacked. And there are any never were any hacks of Shortcuts without jailbreaking the device.

Just found this in my cloud

[Edited by Moderator]

Shel7585 wrote:

They provided me info I didn’t know so probably will others that are 9 levels below..

It doesn't sound as if you have the background to judge if the information in the old, third party links is accurate or currently applicable.

hi all

having major similar issues…. wild things:

*apps w pretend files

hiddens apps not able to be seen

mystery apps downloading disappearibg

shortcutsactions app connecting to things

i think there are VPN or VM hacks going on

for months now my battery was draining fast and my camera wasn’t working properly

went into lockdown mode and staying off wifi suddenly all works fine

have recorded a lot of weird behavior

need help resetting