Unrated severityNVD Advisory· Published Nov 18, 2014· Updated May 6, 2026

CVE-2014-4452

Description

WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

WebKit memory corruption in Apple iOS before 8.1.1 and Apple TV before 7.0.2 allows remote code execution or denial of service via a crafted website.

Vulnerability

A memory corruption vulnerability exists in WebKit, the rendering engine used in Apple iOS (before 8.1.1) and Apple TV (before 7.0.2). The issue can be triggered when a user visits a specially crafted website, leading to memory corruption and potential application crash or arbitrary code execution [1][4].

Exploitation

An attacker can exploit this vulnerability by hosting a malicious website and luring a victim to visit it. No authentication or special network position is required; the attack is remote and user interaction is limited to simply browsing to the site [1][4].

Impact

Successful exploitation allows an attacker to execute arbitrary code with the privileges of the WebKit process, or cause a denial of service via application crash. This could lead to full compromise of the affected device's browser or system-level access depending on the sandbox restrictions [1][4].

Mitigation

Apple addressed this vulnerability in iOS 8.1.1 (released November 17, 2014) and Apple TV 7.0.2 (released November 17, 2014). Users should update their devices to these versions or later. No workarounds are available [1][4].

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./iTunes
cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*
Range: <12.2
Apple Inc./Safari
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
Range: >=6.0,<6.2.1
Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: >=8.0,<8.1.1
Apple Inc./tvOS
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Range: >=6.0,<7.0.2
Apple Inc./iOSllm-fuzzy
Range: < 8.1.1
Apple Inc./Apple TVllm-fuzzy
Range: < 7.0.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2014/Dec/msg00000.htmlnvdMailing ListPatchVendor Advisory
lists.apple.com/archives/security-announce/2015/Jun/msg00006.htmlnvdMailing ListPatchVendor Advisory
lists.apple.com/archives/security-announce/2014/Nov/msg00000.htmlnvdMailing ListVendor Advisory
lists.apple.com/archives/security-announce/2014/Nov/msg00002.htmlnvdMailing ListVendor Advisory
secunia.com/advisories/62504nvdThird Party Advisory
secunia.com/advisories/62505nvdThird Party Advisory
support.apple.com/kb/HT6596nvdVendor Advisory
www.securityfocus.com/bid/71137nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1031231nvdThird Party AdvisoryVDB Entry
exchange.xforce.ibmcloud.com/vulnerabilities/98771nvdThird Party AdvisoryVDB Entry
support.apple.com/en-us/HT204418nvdVendor Advisory
support.apple.com/en-us/HT204420nvdVendor Advisory
support.apple.com/en-us/HT6590nvdVendor Advisory
support.apple.com/en-us/HT6592nvdVendor Advisory
support.apple.com/kb/HT204949nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000