CVE-2014-4479
Description
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4477.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Memory corruption in WebKit allows remote code execution or denial of service via a crafted website, affecting iOS, Safari, and Apple TV.
Vulnerability
CVE-2014-4479 is a memory corruption vulnerability in WebKit, the rendering engine used by Apple's Safari browser and other applications. The issue exists in WebKit's handling of crafted web content, leading to memory corruption. Affected products include Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3 [1][2][3]. The vulnerability is triggered when a user visits a maliciously crafted website.
Exploitation
An attacker can exploit this vulnerability by hosting a specially crafted website that, when visited by a user on an affected device, causes memory corruption in WebKit. No authentication or special network position is required; the attacker only needs to lure the victim to the malicious site, typically via social engineering or by embedding the content in a legitimate-looking page. Exploitation requires no user interaction beyond visiting the site.
Impact
Successful exploitation allows a remote attacker to execute arbitrary code on the target device or cause a denial of service (application crash). The code executes in the context of the affected application (Safari or the system WebKit component), potentially leading to full system compromise on iOS or OS X. The impact is rated as critical; no CVSS score is provided, but high severity is implied.
Mitigation
Apple has addressed this vulnerability in the following updates: iOS 8.1.3 [1], Apple TV 7.0.3 [2], and Safari 6.2.3, 7.1.3, and 8.0.3 [3]. iTunes 12.2 for Windows also includes a fix for this CVE [4]. Users should update their devices to the latest available versions. No workarounds are documented; applying the security updates is the recommended mitigation.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* (range: <=6.2.2)
- cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:7.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:7.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:7.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:7.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:7.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:7.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:8.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:8.0.2:*:*:*:*:*:*:*
- (no CPE) range: < 6.2.3
- Range: < 8.1.3
- Range: < 7.0.3
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- lists.apple.com/archives/security-announce/2015/Jun/msg00006.html (nvd: Patch, Vendor Advisory)
- lists.apple.com/archives/security-announce/2015/Jan/msg00000.html (nvd: Vendor Advisory)
- lists.apple.com/archives/security-announce/2015/Jan/msg00001.html (nvd: Vendor Advisory)
- lists.apple.com/archives/security-announce/2015/Jan/msg00002.html (nvd: Vendor Advisory)
- support.apple.com/HT204243 (nvd: Vendor Advisory)
- support.apple.com/HT204245 (nvd: Vendor Advisory)
- support.apple.com/HT204246 (nvd: Vendor Advisory)
- support.apple.com/kb/HT204949 (nvd: Vendor Advisory)
- www.securityfocus.com/bid/72330 (nvd)
- www.securitytracker.com/id/1031647 (nvd)