CVE-2014-4494Improper Input Validation in Apple Iphone OS

CWE-20Improper Input Validation3 documents3 sources
Severity
6.8MEDIUMNVD
EPSS
0.2%
top 56.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple Iphone OSApple IOS
Timeline
PublishedJan 30
Latest updateMay 17

Description

Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging access to an enterprise distribution certificate for signing a crafted app.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

NVDapple/iphone_os8.1.2
Appleapple/ios8.1.3

🔴Vulnerability Details

1
GHSA
GHSA-ph2m-x7wf-q6gr: Springboard in Apple iOS before 82022-05-17

📋Vendor Advisories

1
Apple
CVE-2014-4494: iOS 8.1.3
CVE-2014-4494 — Improper Input Validation in Apple | cvebase