CVE-2014-4494

medium

Published 2015-01-30 · Modified 2026-05-06

CVSS v3

—

CVSS v2

6.8

VIR risk

6.8

Description

Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging access to an enterprise distribution certificate for signing a crafted app.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: product-security@apple.com — http://support.apple.com/HT204245

vendor Authored 2026-05-27

Vendor advisory: product-security@apple.com — http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html

OS impact

OS	Version	Status	Fixed in
macos		affected

References

http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html
http://support.apple.com/HT204245
http://www.securitytracker.com/id/1031652
http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html
http://support.apple.com/HT204245
http://www.securitytracker.com/id/1031652

CWEs

CWE-20

Verify integrity in audit chain (admin only). AS-IS.