CVE-2014-4495
Description
The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The kernel in iOS, OS X, and Apple TV fails to enforce the read-only attribute of shared memory segments with custom cache modes, allowing a crafted app to bypass access restrictions.
Vulnerability
CVE-2014-4495 is a kernel vulnerability in Apple iOS, OS X, and Apple TV. The kernel fails to enforce the read-only attribute of a shared memory segment when a custom cache mode is used. This allows a crafted app to bypass intended access restrictions. The affected versions are Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 [1][2][3].
Exploitation
An attacker must have the ability to run a crafted app on the target device. No additional authentication or network access is required beyond the ability to execute the malicious app locally. The attacker would create a shared memory segment and use a custom cache mode that causes the kernel to ignore the read-only attribute, enabling unintended read-write access to the segment.
Impact
A successful exploit allows the attacker to bypass the read-only restriction on shared memory, potentially leading to unauthorized memory access. This could result in disclosure of sensitive information or modification of memory contents, depending on the attacker's goals. The vulnerability does not directly provide remote code execution, but it lowers the security barrier for further exploitation.
Mitigation
Apple addressed this vulnerability in OS X Yosemite v10.10.2 (and Security Update 2015-001), iOS 8.1.3, and Apple TV 7.0.3 [1][2][3]. Users should update their devices to the latest available versions. There is no publicly documented workaround. The issue is not listed in the CISA Known Exploited Vulnerabilities catalog at the time of writing.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <8.1.3
- Range: <10.10.2
- Range: <7.0.3
References
- lists.apple.com/archives/security-announce/2015/Jan/msg00000.html (nvd, Vendor Advisory)
- lists.apple.com/archives/security-announce/2015/Jan/msg00001.html (nvd, Vendor Advisory)
- lists.apple.com/archives/security-announce/2015/Jan/msg00003.html (nvd, Vendor Advisory)
- support.apple.com/HT204244 (nvd, Vendor Advisory)
- support.apple.com/HT204245 (nvd, Vendor Advisory)
- support.apple.com/HT204246 (nvd, Vendor Advisory)
- www.securitytracker.com/id/1031650 (nvd)