VYPR
← All advisories
Unrated severityNVD Advisory· Published Sep 18, 2014· Updated May 6, 2026

CVE-2014-4368

CVE-2014-4368

Description

The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via AssistiveTouch events.

Vulnerability

The Accessibility subsystem in Apple iOS versions prior to 8 contains a vulnerability that allows unauthorized interference with the screen locking mechanism. The issue specifically involves AssistiveTouch events, enabling an attacker to bypass or disrupt the screen lock state. All devices running iOS versions earlier than 8 are affected, including iPhone 4s and later, iPod touch (5th generation) and later, and iPad 2 and later [1].

Exploitation

An attacker must have physical access to the device. By sending or generating specific AssistiveTouch events, the attacker can interact with the screen lock sequence in a way that prevents the lock from engaging or disables the lock screen entirely. No authentication or special privileges are required beyond being able to touch the screen [1].

Impact

Successful exploitation allows an attacker to bypass the screen lock, gaining unauthorized access to the device and its data. This compromises the confidentiality and integrity of information stored on the device. The attack can be performed without the user's knowledge [1].

Mitigation

Apple addressed this vulnerability in iOS 8, released on September 17, 2014. Users should update to iOS 8 or later to mitigate the issue. No other workarounds have been disclosed. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog [1].

References
  1. About the security content of iOS 8 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

11
  • Apple Inc./Iphone Os10 versions
    cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*+ 9 more
    • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*range: <=7.1.2
    • cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.1.1:*:*:*:*:*:*:*
  • Apple Inc./iOSllm-fuzzy
    Range: <8

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

6

News mentions

0

No linked articles in our index yet.