Apple WebKit and Safari Same Origin Policy Bypass Vulnerability

Vulnerability

A vulnerability exists in WebKit, the engine that powers Safari, allowing websites to access sensor information without user consent. This issue affects Safari 18.4, as well as iOS 18.4, iPadOS 18.4, and macOS Sequoia 15.4. The vulnerability arises from inadequate checks, which may enable a website to bypass user privacy protections.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensor data, potentially allowing for privacy violations by tracking user activity or behavior without consent.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.