CVE-2014-4463
Description
Apple iOS before 8.1.1 allows physically proximate attackers to bypass the lock-screen protection mechanism, and view or transmit a Photo Library photo, via the FaceTime "Leave a Message" feature.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Physically proximate attackers can bypass the iOS lock screen and view or send photos via FaceTime 'Leave a Message' feature on iOS before 8.1.1.
Vulnerability
The vulnerability exists in the FaceTime "Leave a Message" feature on Apple iOS versions prior to 8.1.1. A physically proximate attacker can bypass the lock-screen protection mechanism and access the Photo Library. The bug allows viewing or transmitting a photo without unlocking the device. Affected versions: iOS before 8.1.1 (iPhone 4s and later, iPod touch 5th gen and later, iPad 2 and later) [1][2].
Exploitation
An attacker must have physical proximity to the locked device. The attacker can use the FaceTime "Leave a Message" feature to access the Photo Library without entering the passcode. The exact sequence involves initiating a FaceTime call and using the "Leave a Message" option to browse and send photos from the Photo Library, bypassing the lock screen.
Impact
Successful exploitation allows the attacker to view and transmit photos from the victim's Photo Library without authentication. This leads to unauthorized disclosure of private photos. The attacker gains access to the photo library at the user's privilege level, but without needing to unlock the device.
Mitigation
Apple addressed this issue in iOS 8.1.1, released on November 17, 2014 [1][2]. Users should update to iOS 8.1.1 or later. No workaround is available for unpatched versions. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities catalog.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
5cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*range: <=8.1
- cpe:2.3:o:apple:iphone_os:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:8.0.2:*:*:*:*:*:*:*
- Range: < 8.1.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- lists.apple.com/archives/security-announce/2014/Nov/msg00000.htmlnvdVendor Advisory
- support.apple.com/en-us/HT6590nvdVendor Advisory
- secunia.com/advisories/62504nvd
- www.securityfocus.com/bid/71141nvd
- www.securitytracker.com/id/1031232nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/98778nvd
- support.apple.com/en-us/HT204418nvd
News mentions
0No linked articles in our index yet.