Unrated severity · NVD Advisory · Published Mar 14, 2014 · Updated May 6, 2026

CVE-2014-1273

Description

dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CVE-2014-1273 allows code-signing bypass via text-relocation instructions in dyld on iOS before 7.1 and Apple TV before 6.1.

Vulnerability

dyld, the dynamic linker in Apple iOS before 7.1 and Apple TV before 6.1, fails to properly validate text-relocation instructions in a dynamic library. This condition allows a library containing such instructions to bypass code-signing enforcement during loading. Affected versions include iOS 7.0.x and earlier, and Apple TV 6.0.x and earlier [1][2].

Exploitation

An attacker must provide a crafted dynamic library that includes text-relocation instructions. The library can be loaded into a process with user-level privileges; no additional authentication is required beyond standard app execution. The attacker does not need physical device access, but must convince the user to run an app that loads the malicious library, or already have the ability to write files to the device.

Impact

Successful exploitation allows the attacker to load arbitrary unsigned or improperly signed code, bypassing Apple's code-signing requirement. This undermines the fundamental security boundary of the iOS and tvOS platforms, potentially enabling further malicious activity such as privilege escalation, data theft, or other local attacks. The compromise occurs at the system level, as dyld runs with elevated privileges.

Mitigation

Apple addressed this vulnerability in iOS 7.1 and Apple TV 6.1, released on March 10, 2014 [1][2]. Users should update to these versions or later. No workarounds are available for earlier versions; the only mitigation is applying the software update.

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products (12)

  • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* (+ 6 more)
    • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* (range: <=7.0.6)
    • cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*
  • Apple Inc./tvOS (3 versions)
    • cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* (range: <=6.0.2)
    • cpe:2.3:o:apple:tvos:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:6.0.1:*:*:*:*:*:*:*
  • Apple Inc./TV (llm-fuzzy)
    Range: <6.1
  • Apple Inc./iOS (llm-fuzzy)
    Range: <7.1

References

2
