Unrated severity · NVD Advisory · Published Jan 30, 2015 · Updated May 6, 2026

CVE-2014-4477

Description

WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4479.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

WebKit memory corruption in Apple iOS, Safari, and Apple TV allows arbitrary code execution via a crafted website.

Vulnerability

CVE-2014-4477 is a memory corruption vulnerability in WebKit, the rendering engine used by Apple iOS before 8.1.3, Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3, and Apple TV before 7.0.3 [1][2][3]. The issue arises from improper memory handling when processing maliciously crafted web content, leading to memory corruption that can be exploited by an attacker [4].

Exploitation

An attacker can exploit this vulnerability by hosting a crafted website and luring a user to visit it via a vulnerable browser or application. No authentication or special privileges are required; the user only needs to load the malicious page. The attack can be performed remotely over the network [1][2][3].

Impact

Successful exploitation allows an attacker to execute arbitrary code in the context of the affected application, potentially leading to full system compromise. Alternatively, the attacker could cause a denial of service via application crash. The impact includes complete loss of confidentiality, integrity, and availability [1][2][3].

Mitigation

Apple addressed this vulnerability in iOS 8.1.3, Safari 6.2.3/7.1.3/8.0.3, Apple TV 7.0.3, and iTunes 12.2 [1][2][3][4]. Users should update to the latest available versions. No workarounds are documented; applying the patches is the only mitigation.

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

20
  • cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*
    Range: <=12.1
  • Apple Inc./Safari (15 versions)
    • cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* (range: <=6.2.2)
    • cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:8.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:8.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:8.0.2:*:*:*:*:*:*:*
    • (no CPE) range: >=6.0,<6.2.3 | >=7.0,<7.1.3 | >=8.0,<8.0.3
  • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
    Range: <=8.1.2
  • cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
    Range: <=7.0.1
  • Apple Inc./iOS (llm-fuzzy)
    Range: <8.1.3
  • Range: <7.0.3

Patches

0

No patches discovered yet.
