VYPR
← All advisories
Unrated severityNVD Advisory· Published Mar 14, 2014· Updated May 6, 2026

CVE-2014-1271

CVE-2014-1271

Description

CoreCapture in Apple iOS before 7.1 and Apple TV before 6.1 does not properly validate IOKit API calls, which allows attackers to cause a denial of service (assertion failure and device crash) via a crafted app.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CoreCapture in iOS before 7.1 and Apple TV before 6.1 fails to validate IOKit API calls, allowing a crafted app to cause a denial of service via device crash.

Vulnerability

CoreCapture in Apple iOS versions prior to 7.1 and Apple TV versions prior to 6.1 does not properly validate IOKit API calls [1][2]. This flaw allows a malicious application to trigger an assertion failure, leading to a device crash. The affected versions include iOS 7.0.x and earlier, and Apple TV 6.0.x and earlier.

Exploitation

An attacker must install a crafted app on the target device. The app makes specially crafted IOKit API calls that CoreCapture fails to validate, causing an assertion failure. No additional privileges beyond standard app sandbox are required; the vulnerability is reachable from any app.

Impact

Successful exploitation results in a denial of service (DoS) via device crash due to an assertion failure. No data disclosure, modification, or privilege escalation is reported; the impact is limited to temporary unavailability of the device.

Mitigation

Apple addressed this issue in iOS 7.1 and Apple TV 6.1 [1][2]. Users should update their devices to the latest available version via the Settings app. No workarounds are documented, and this CVE is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.

References
  1. About the security content of iOS 7.1 - Apple Support
  2. About the security content of Apple TV 6.1 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

12
  • Apple Inc./Iphone Os7 versions
    cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*range: <=7.0.6
    • cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*
  • Apple Inc./tvOS3 versions
    cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*range: <=6.0.2
    • cpe:2.3:o:apple:tvos:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:6.0.1:*:*:*:*:*:*:*
  • Apple Inc./TVllm-fuzzy
    Range: <6.1
  • Apple Inc./iOSllm-fuzzy
    Range: <7.1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.