VYPR
High severity · 7.8 · NVD Advisory · Published Sep 18, 2014 · Updated May 6, 2026

CVE-2014-4375

Description

Double free vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (device crash) via vectors related to Mach ports.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A double free vulnerability in iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service via Mach ports.

Vulnerability

A double free vulnerability exists in the Mach port handling of Apple iOS prior to version 8 and Apple TV prior to version 7 [1][3]. The bug resides in the kernel's Mach IPC subsystem and can be triggered by a local user manipulating Mach port objects through specific system calls, leading to a use-after-free condition [1][2].

Exploitation

An attacker needs local access to the device and must be able to make specially crafted Mach port system calls [1]. The exploitation sequence involves sending and deallocating Mach port rights in a particular order that causes the kernel to free the same memory region twice [2]. No user interaction beyond running the exploit is required, but the attacker must have already achieved some level of user-level code execution on the device.

Impact

Successful exploitation allows a local attacker to gain elevated privileges within the kernel context, or to cause a denial of service by crashing the device (kernel panic) [1]. The attacker can achieve arbitrary code execution in kernel space, leading to full compromise of the device's security [2].

Mitigation

The vulnerability was fixed in iOS 8, released on September 17, 2014 [1], and in Apple TV 7, released on the same date [3]. Users should update to iOS 8 or later and Apple TV 7 or later to mitigate the issue. No workarounds are available for earlier unpatched versions.

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

20
  • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* (+ 9 more)
    • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* (range: <=7.1.2)
    • cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
    Range: <=10.9.5
  • Apple Inc./tvOS (7 versions)
    cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* (+ 6 more)
    • cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* (range: <=6.2)
    • cpe:2.3:o:apple:tvos:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:6.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:6.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:6.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:6.1.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:6.1.2:*:*:*:*:*:*:*
  • Apple Inc./iOS (llm-fuzzy)
    Range: <8
  • Range: <7

References

10