Vulnerability Description
Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging access to an enterprise distribution certificate for signing a crafted app.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Iphone Os | <= 8.1.2 |
Related Weaknesses (CWE)
References
- http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.htmlVendor Advisory
- http://support.apple.com/HT204245Vendor Advisory
- http://www.securitytracker.com/id/1031652
- http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.htmlVendor Advisory
- http://support.apple.com/HT204245Vendor Advisory
- http://www.securitytracker.com/id/1031652
FAQ
What is CVE-2014-4494?
CVE-2014-4494 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-lau...
How severe is CVE-2014-4494?
CVE-2014-4494 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-4494?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os.