CVE-2014-4494

iPhone OS < 8.1.3 - Unauthenticated App Trust Decision Bypass via Signature Validation Flaw

Title source: llm
STIX 2.1

Description

Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging access to an enterprise distribution certificate for signing a crafted app.

References (3)

Core 3
Core References
Vendor Advisory x_refsource_confirm
http://support.apple.com/HT204245
Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1031652

Scores

EPSS 0.0090
EPSS Percentile 55.5%

Details

CWE
CWE-20
Status published
Products (1)
apple/iphone_os < 8.1.2
Published Jan 30, 2015
Tracked Since Feb 18, 2026