Description
This issue was addressed with improved access restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. A malicious app may be able to dismiss the system notification on the Lock Screen that a recording was started.
Published: 2025-03-31
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Privacy Violation
Action: Patch Immediately
AI Analysis

Impact

A malicious application can dismiss the on‑screen notification that a recording was initiated, allowing a user to remain unaware that audio or video capture is ongoing. This flaw does not provide code execution or system compromise but enables a privacy breach by concealing device activity. The weakness is a classic case of improper access control, identified as CWE-284.

Affected Systems

The vulnerability affects multiple Apple operating systems in releases before the fixed versions: iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, and watchOS 11.4. For each platform, the issue is resolved by installing the respective security update.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, and the EPSS score of less than 1% reflects a very low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. The impact is limited to privacy exposure; the attack vector is likely local, requiring a malicious app to be installed or granted elevated permissions. There is no indication of remote exploitation or additional privilege escalation beyond the ability to suppress the notification.

Generated by OpenCVE AI on April 28, 2026 at 11:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest security update for the affected OS (iOS 18.4 or later, iPadOS 18.4 or later, macOS Sequoia 15.4 or later, macOS Sonoma 14.7.5 or later, macOS Ventura 13.7.5 or later, tvOS 18.4 or later, visionOS 2.4 or later, or watchOS 11.4 or later).
  • If updating is temporarily impractical, restrict which apps have microphone or camera access by reviewing application permissions in System Settings.
  • For managed devices, apply configuration profiles that enforce app whitelisting and prevent installation of untrusted applications.

Advisories
Source: EUVD
ID: EUVD-2025-8912
Title: This issue was addressed with improved access restrictions. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to dismiss the system notification on the Lock Screen that a recording was started.

History

Tue, 28 Apr 2026 12:15:00 +0000

Type: Title
Values Added: Apple OS Notification Suppression Vulnerability Enables Concealed Recording

Thu, 02 Apr 2026 20:30:00 +0000

Type: Description
Values Removed: This issue was addressed with improved access restrictions. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to dismiss the system notification on the Lock Screen that a recording was started.
Values Added: This issue was addressed with improved access restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. A malicious app may be able to dismiss the system notification on the Lock Screen that a recording was started.

Mon, 03 Nov 2025 22:30:00 +0000


Mon, 03 Nov 2025 20:30:00 +0000

Type: References

Thu, 28 Aug 2025 18:30:00 +0000

Type: References

Tue, 26 Aug 2025 13:15:00 +0000

Type: First Time appeared
Values Added: Apple watchos

Type: CPEs
Values Added: cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Added: Apple watchos

Mon, 07 Apr 2025 14:45:00 +0000

Type: First Time appeared
Values Added:
  • Apple
  • Apple ipados
  • Apple iphone Os
  • Apple macos
  • Apple tvos
  • Apple visionos

Type: CPEs
Values Added:
  • cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Added:
  • Apple
  • Apple ipados
  • Apple iphone Os
  • Apple macos
  • Apple tvos
  • Apple visionos

Wed, 02 Apr 2025 16:15:00 +0000

Type: Weaknesses
Values Added: CWE-284

Type: Metrics
Values Added:
cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N'}
ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 31 Mar 2025 22:45:00 +0000

Type: Description
Values Added: This issue was addressed with improved access restrictions. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to dismiss the system notification on the Lock Screen that a recording was started.

References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:13:50.535Z

Reserved: 2025-03-22T00:04:43.717Z

Link: CVE-2025-30438

Vulnrichment

Updated: 2025-11-03T21:14:41.734Z

NVD

Status: Modified

Published: 2025-03-31T23:15:25.887

Modified: 2026-04-02T19:19:36.770

Link: CVE-2025-30438

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T12:00:13Z

Weaknesses