VYPR
← All advisories
Unrated severityNVD Advisory· Published Mar 14, 2014· Updated May 6, 2026

CVE-2014-1281

CVE-2014-1281

Description

Photos Backend in Apple iOS before 7.1 does not properly manage the asset-library cache during deletions, which allows physically proximate attackers to obtain sensitive photo data by launching the Photos app and looking under a transparent image.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In Apple iOS before 7.1, the Photos app fails to clear cached asset-library thumbnails after deletion, allowing physical access to recover deleted photos.

Vulnerability

In Apple iOS versions prior to 7.1, the Photos Backend does not properly manage the asset-library cache when deletions occur. This leaves thumbnail images of deleted photos in the cache [1]. Affected versions include iOS 6.x and earlier versions up to 7.0.x.

Exploitation

An attacker with physical access to an unlocked device can launch the Photos app and look behind a transparent image that is still displayed from the cache. No authentication bypass or special privileges are required beyond physical possession of the device while it is unlocked [1].

Impact

Successful exploitation allows the attacker to view thumbnail previews of photos that the user previously deleted. This results in unauthorized information disclosure of sensitive photo data from the device's library [1].

Mitigation

Apple addressed this issue in iOS 7.1, released on March 10, 2014. Users should update their devices to iOS 7.1 or later via Settings > General > Software Update [1]. No workaround is available for earlier versions.

References
  1. About the security content of iOS 7.1 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

8
  • Apple Inc./Iphone Os7 versions
    cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*range: <=7.0.6
    • cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*
  • Apple Inc./iOSllm-fuzzy
    Range: <7.1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.