- Accessible uses Shortucts and various actions to read/extract system files.
- It combines this actions with a URL, starting with
file:///. This URL is the path that Accessible reads at.
- This cannot read the entire filesystem. It can only read stuff in /Applications and /System.
- This "bug" isn't very notable, however it is useful for reading files such as MobileGestalt for on-device SparseRestore apps, and it can also be used to open apps not usually available to the user.
- Accessible has been taking advantage of this "bug" for a while now, however it seems that Apple has caught on.
TL;DR: Apple changed the way of reading files with file:///, causing Shortcuts to not be able to read files from that URL.
- I thought this was normal behavior, as Apple did not respond to this.
- However, on iOS 18.4 developer beta 2, Apple decided to implement something in order to kill this.
iOS 18.4db1 - iOS 18.4db2 diff: CoreServicesInternal
CStrings:
+ "file:///.file/id=%lld.%lld%s"
- "file:///.file/id=%lld.%lld"
-
Apple reworked the way file:/// accesses files by adding a new string that I believe to be an extra identifer. This may explain why in Freeform, you can read files using file:/// on a patched version, as Freeform may need the
file:///extension. -
I use quotations for the word "patch" as this may have been an accidental patch.
-
NOTE: I am NOT a security researcher. With that in mind, take what I'm saying with a grain of salt. If anyone has a different idea, please let me know.
-
I'm not sure if this applies to other apps, and I haven't tried seeing if it still works in a custom app.
-
What I can say for sure is that it was "patched" out in one of the 18.4 developer betas.
-
If you try to run Accessible or read files using file:/// in Shortcuts, you will get this error:
