CVE-2014-1287

Apple iOS < 7.1 and tvOS < 6.1 - Memory Corruption via USB Host

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-1287. PoCs published by Andy Davis.

AI-analyzed exploit summary This is a vulnerability writeup describing a kernel panic in iOS 7 devices triggered by a specific USB Endpoint descriptor value. The document includes technical details, crash logs, and references to the umap tool for exploitation.

Description

USB Host in Apple iOS before 7.1 and Apple TV before 6.1 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted USB messages.

Exploits (1)

exploitdb WRITEUP

by Andy Davis · textdosios

https://www.exploit-db.com/exploits/32333

View Code ZIP pw:eip

This is a vulnerability writeup describing a kernel panic in iOS 7 devices triggered by a specific USB Endpoint descriptor value. The document includes technical details, crash logs, and references to the umap tool for exploitation.

Classification

Writeup 90%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: iOS 7.0 (11A465)

No auth needed

Prerequisites: Physical access to USB interface · umap tool

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

http://support.apple.com/kb/HT6163

Vendor Advisory x_refsource_confirm

http://support.apple.com/kb/HT6162

Scores

EPSS 0.0111

EPSS Percentile 61.6%

Details

CWE

CWE-119

Status published

Products (10)

apple/iphone_os 7.0

apple/iphone_os 7.0.1

apple/iphone_os 7.0.2

apple/iphone_os 7.0.3

apple/iphone_os 7.0.4

apple/iphone_os 7.0.5

apple/iphone_os < 7.0.6

apple/tvos 6.0

apple/tvos 6.0.1

apple/tvos < 6.0.2

Published Mar 14, 2014

Tracked Since Feb 18, 2026