CVE-2014-4367
Description
Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Voice Dial remains enabled during iOS upgrades, letting a nearby attacker place calls by speaking a phone number.
Vulnerability
Apple iOS before version 8 allows the Voice Dial feature to remain active during all upgrade actions. This means that while the device is performing a software update, the speech-recognition interface for placing phone calls is still listening for spoken commands. The affected versions include all iOS releases prior to 8, as confirmed by the vendor advisory [1].
Exploitation
An attacker who is physically proximate to the device during the upgrade process can simply speak a telephone number aloud. No authentication, device unlock, or user interaction with the update screen is required; the device's microphone picks up the spoken digits and triggers a call without further verification [1].
Impact
A successful exploit forces the victim's iPhone, iPad, or iPod touch to initiate an outbound phone call to any number spoken by the attacker. This can result in unexpected toll charges, a disruption of the upgrade process, and potential denial-of-service of the device's telephony functions until the call ends [1].
Mitigation
Apple addressed this issue in iOS 8, released on September 17, 2014. Users are advised to update to iOS 8 or later via the Software Update mechanism. No workaround is available for devices that cannot upgrade beyond iOS 7.x, and this CVE is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog [1].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* (range: <=7.1.2)
- cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:7.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:7.1.1:*:*:*:*:*:*:*
- Range: <8
Patches
No patches discovered yet.
References (6)
News mentions
No linked articles in our index yet.