PT-2025-14005 · Apple · Safari+4
Published
2025-03-31
·
Updated
2025-04-01
·
CVE-2025-31192
CVSS v3.1
6.7
Medium
| Vector | AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L |
Name of the Vulnerable Software and Affected Versions
Safari versions prior to 18.4
iOS versions prior to 18.4
iPadOS versions prior to 18.4
macOS Sequoia versions prior to 15.4
Description
The issue allows a website to access sensor information without user consent. This can be achieved by exploiting the
getUserMedia() function, specifically when audio is set to true, potentially allowing access to a user's webcam even if they had initially denied access.Recommendations
For Safari versions prior to 18.4, update to Safari 18.4 to resolve the issue.
For iOS versions prior to 18.4, update to iOS 18.4 to resolve the issue.
For iPadOS versions prior to 18.4, update to iPadOS 18.4 to resolve the issue.
For macOS Sequoia versions prior to 15.4, update to macOS Sequoia 15.4 to resolve the issue.
As a temporary workaround, consider restricting the use of the
getUserMedia() function until a patch is available.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apple Macos
Safari
Ios
Ipados
Macos Sequoia