CVE-2014-4462
Description
WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4452.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
WebKit in Apple iOS before 8.1.1 and Apple TV before 7.0.2 allows remote code execution or denial of service via a crafted website due to memory corruption.
Vulnerability
CVE-2014-4462 is a memory corruption vulnerability in WebKit, the web browser engine used in Apple iOS before 8.1.1 and Apple TV before 7.0.2 [1][2][3]. The flaw affects iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later, as well as Apple TV 3rd generation and later. No specific triggering configuration beyond visiting a malicious website is required.
Exploitation
An attacker can exploit the vulnerability by crafting a malicious website and luring the victim to visit it. No authentication or special network position is required for the iOS attack vector. For Apple TV, the attacker would need a privileged network position (e.g., man-in-the-middle) to serve the malicious content [3]. Exploitation leads to memory corruption through unspecified WebKit processing flaws.
Impact
Successful exploitation allows the attacker to execute arbitrary code within the context of the WebKit process, which directly leads to full device compromise (arbitrary code execution), or to cause a denial of service via application crash [1][2][3]. The impact is high, as it bypasses sandbox protections inherent to WebKit.
Mitigation
Apple has released fixed versions: iOS 8.1.1 for affected iPhone, iPod touch, and iPad models, and Apple TV 7.0.2 for Apple TV 3rd generation and later [1][2][3]. Users should update their devices via the Settings app or Apple TV software update mechanism. There is no known workaround; users should apply the patches as soon as possible.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (16)
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* (range: <=8.1)
- cpe:2.3:o:apple:iphone_os:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:8.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* (range: <=7.0.1)
- cpe:2.3:o:apple:tvos:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:6.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:6.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:6.1.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:6.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:6.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:7.0:*:*:*:*:*:*:*
- Range: < 8.1.1
- Range: < 7.0.2
Patches
No patches discovered yet.
References (10)
- lists.apple.com/archives/security-announce/2014/Nov/msg00000.html (nvd, Vendor Advisory)
- lists.apple.com/archives/security-announce/2014/Nov/msg00002.html (nvd, Vendor Advisory)
- secunia.com/advisories/62504 (nvd)
- secunia.com/advisories/62505 (nvd)
- www.securityfocus.com/bid/71142 (nvd)
- www.securitytracker.com/id/1031231 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/98772 (nvd)
- support.apple.com/en-us/HT204418 (nvd)
- support.apple.com/en-us/HT6590 (nvd)
- support.apple.com/en-us/HT6592 (nvd)