VYPR
← All advisories
Unrated severityNVD Advisory· Published Jan 30, 2015· Updated May 6, 2026

CVE-2014-4476

CVE-2014-4476

Description

WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4477 and CVE-2014-4479.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Memory corruption in WebKit allows arbitrary code execution via crafted website; affects iOS, Safari, Apple TV.

Vulnerability

WebKit memory corruption issue in Apple iOS before 8.1.3, Safari before 6.2.3/7.1.3/8.0.3, and Apple TV before 7.0.3. A crafted website can cause memory corruption leading to arbitrary code execution [1][2][3].

Exploitation

Remote attacker must convince victim to visit a malicious website. No authentication needed; user interaction required (browsing). The corruption is triggered during WebKit processing [3].

Impact

Successful exploitation allows arbitrary code execution or denial of service (application crash). Full system compromise possible on affected devices [1][2][3].

Mitigation

Fixed in iOS 8.1.3 [1], Safari 6.2.3/7.1.3/8.0.3 [3], Apple TV 7.0.3 [2]. iTunes 12.2 also includes fix for Windows [4]. No workarounds mentioned; apply updates.

References
  1. About the security content of iOS 8.1.3 - Apple Support
  2. About the security content of Apple TV 7.0.3 - Apple Support
  3. About the security content of Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3 - Apple Support
  4. About the security content of iTunes 12.2 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

20
  • Apple Inc./iTunes
    cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*
    Range: <=12.1
  • Apple Inc./Safari15 versions
    cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*+ 14 more
    • cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*range: <=6.2.2
    • cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:8.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:8.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:8.0.2:*:*:*:*:*:*:*
    • (no CPE)range: <6.2.3 | 7.x <7.1.3 | 8.x <8.0.3
  • Apple Inc./Iphone Os
    cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
    Range: <=8.1.2
  • Apple Inc./tvOS
    cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
    Range: <=7.0.1
  • Apple Inc./iOSllm-fuzzy
    Range: <8.1.3
  • Apple Inc./Apple TVllm-fuzzy
    Range: <7.0.3

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

10

News mentions

0

No linked articles in our index yet.