CVE-2014-4455
Description
dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
dyld in iOS and Apple TV fails to validate overlapping segments in Mach-O files, allowing local users to execute unsigned code.
Vulnerability
dyld, the dynamic linker in Apple iOS before 8.1.1 and Apple TV before 7.0.2, does not properly handle overlapping segments in Mach-O executable files. This state management issue allows crafted binaries to bypass code-signing restrictions. Affected versions: iOS 8.0 through 8.1, Apple TV 7.0 through 7.0.1. [3][4]
Exploitation
An attacker with local access to the device can craft a Mach-O file with overlapping segments. When the file is loaded by dyld, the improper handling can lead to execution of unsigned code. No additional user interaction is required beyond executing the malicious binary. [3][4]
Impact
Successful exploitation allows a local user to execute unsigned code, bypassing Apple's code-signing mechanism. This could lead to arbitrary code execution with the privileges of the user, potentially enabling further compromise of the device. [3][4]
Mitigation
Apple addressed the issue in iOS 8.1.1 and Apple TV 7.0.2. Users should update to iOS 8.1.1 or later, and Apple TV 7.0.2 or later. No workarounds are available. [3][4]
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* (range: <=7.0.1)
- cpe:2.3:o:apple:tvos:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:6.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:6.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:6.1.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:6.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:6.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:7.0.1:*:*:*:*:*:*:*
- Range: <8.1.1
- Range: <7.0.2
References
- lists.apple.com/archives/security-announce/2014/Nov/msg00000.html (nvd, Vendor Advisory)
- lists.apple.com/archives/security-announce/2014/Nov/msg00002.html (nvd, Vendor Advisory)
- lists.apple.com/archives/security-announce/2015/Jan/msg00000.html (nvd, Vendor Advisory)
- lists.apple.com/archives/security-announce/2015/Jan/msg00001.html (nvd, Vendor Advisory)
- support.apple.com/HT204245 (nvd, Vendor Advisory)
- support.apple.com/HT204246 (nvd, Vendor Advisory)
- support.apple.com/en-us/HT6590 (nvd, Vendor Advisory)
- support.apple.com/en-us/HT6592 (nvd, Vendor Advisory)
- www.securityfocus.com/bid/71140 (nvd)
- www.securitytracker.com/id/1031231 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/98773 (nvd)
- support.apple.com/en-us/HT204418 (nvd)
- support.apple.com/en-us/HT204420 (nvd)