CVE-2014-1348
Description
Mail in Apple iOS before 7.1.2 advertises the availability of data protection for attachments but stores cleartext attachments under mobile/Library/Mail/, which makes it easier for physically proximate attackers to obtain sensitive information by mounting the data partition.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
iOS Mail before 7.1.2 stores attachments in cleartext despite advertising data protection, allowing physical attackers to read them.
Vulnerability
In Apple iOS versions prior to 7.1.2, the Mail application advertises the availability of data protection for attachments but actually stores attachments in cleartext under the path mobile/Library/Mail/. This misrepresentation means that attachments are not encrypted at rest, contrary to user expectations. The vulnerability affects all devices running iOS versions before 7.1.2.
Exploitation
An attacker with physical proximity to the device can exploit this vulnerability by mounting the data partition (e.g., using forensic tools or direct access to the device's storage). Once the partition is mounted, the attacker can navigate to mobile/Library/Mail/ and read any attachments stored there in cleartext. No authentication or user interaction is required beyond physical access to the device.
Impact
Successful exploitation allows the attacker to obtain sensitive information contained in email attachments, such as documents, images, or other files. This constitutes a breach of confidentiality, as the attacker can read the contents without needing to bypass any encryption or authentication mechanisms. The scope is limited to physically proximate attackers, but the impact can be severe if the attachments contain personal or confidential data.
Mitigation
Apple addressed this issue in iOS 7.1.2, released on June 30, 2014. Users should update their devices to iOS 7.1.2 or later to ensure that attachments are properly protected. No workarounds are available for earlier versions; the only mitigation is to apply the update.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
10cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*range: <=7.1.1
- cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:7.1:*:*:*:*:*:*:*
- Range: <7.1.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- archives.neohapsis.com/archives/bugtraq/2014-06/0174.htmlnvd
- archives.neohapsis.com/archives/bugtraq/2014-09/0106.htmlnvd
- support.apple.com/kb/HT6441nvd
- www.andreas-kurtz.de/2014/04/what-apple-missed-to-fix-in-ios-711.htmlnvd
- www.securityfocus.com/bid/67263nvd
- www.securityfocus.com/bid/68276nvd
- www.securitytracker.com/id/1030500nvd
News mentions
0No linked articles in our index yet.