VYPR
Unrated severity · NVD Advisory · Published Sep 18, 2014 · Updated May 6, 2026

CVE-2014-4354

Description

Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Apple iOS before 8 enables Bluetooth during upgrades, allowing remote attackers to bypass access restrictions via Bluetooth.

Vulnerability

In Apple iOS versions prior to 8, Bluetooth is automatically enabled during all upgrade actions (e.g., software updates). This behavior creates an unintended open Bluetooth interface during the upgrade process, making it easier for remote attackers to bypass intended access restrictions. The affected versions are iOS 7 and earlier.

Exploitation

An attacker must be within Bluetooth range of the target device while an upgrade is in progress. No prior authentication or pairing is required; the attacker can initiate a Bluetooth session with the device during the upgrade window. The exact sequence involves the attacker scanning for devices with Bluetooth enabled during an upgrade and then connecting to bypass normal access controls.

Impact

Successful exploitation allows an attacker to bypass the device's intended access restrictions, potentially gaining unauthorized access to the device or its data over Bluetooth. This could lead to information disclosure or further compromise of the device.

Mitigation

The vulnerability is fixed in iOS 8, released on September 17, 2014 [1]. Users should upgrade to iOS 8 or later. No workaround is available for earlier versions. The issue is not listed in the CISA Known Exploited Vulnerabilities catalog.

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

11
  • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* (range: <=7.1.2)
    • cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.1.1:*:*:*:*:*:*:*
  • Apple Inc./iOS (llm-fuzzy)
    Range: <8
