ID

VAR-201403-0264


CVE

CVE-2014-1285


TITLE

Apple iOS Springboard vulnerability allowing access restrictions to be bypassed

Trust: 0.8

sources: JVNDB: JVNDB-2014-001671

DESCRIPTION

Springboard in Apple iOS before 7.1 allows physically proximate attackers to bypass intended access restrictions and read the home screen by leveraging an application crash during activation of an unactivated device. Apple iOS is prone to multiple vulnerabilities. Attackers can exploit these issues to perform man-in-the-middle attacks, access arbitrary files, gain unauthorized access, bypass security restrictions, and perform other attacks. Failed attacks may cause denial-of-service conditions. These issues affect Apple iOS versions prior to 7.1. Note: The issue described by CVE-2013-6835 has been moved to BID 66108 (Apple iOS 'facetime-audio://' Security Bypass Vulnerability) for better documentation.

Trust: 1.98

sources: NVD: CVE-2014-1285 // JVNDB: JVNDB-2014-001671 // BID: 66087 // VULHUB: VHN-69224

AFFECTED PRODUCTS

vendor: apple, model: iphone os, scope: eq, version: 7.0

Trust: 1.6

vendor: apple, model: iphone os, scope: eq, version: 7.0.5

Trust: 1.6

vendor: apple, model: iphone os, scope: eq, version: 7.0.4

Trust: 1.6

vendor: apple, model: iphone os, scope: eq, version: 7.0.1

Trust: 1.6

vendor: apple, model: iphone os, scope: eq, version: 7.0.2

Trust: 1.6

vendor: apple, model: iphone os, scope: eq, version: 7.0.3

Trust: 1.6

vendor: apple, model: iphone os, scope: lte, version: 7.0.6

Trust: 1.0

vendor: apple, model: ios, scope: lt, version: 7.1 (ipad 2 or later)

Trust: 0.8

vendor: apple, model: ios, scope: lt, version: 7.1 (iphone 4 or later)

Trust: 0.8

vendor: apple, model: ios, scope: lt, version: 7.1 (ipod touch 5th generation or later)

Trust: 0.8

vendor: apple, model: iphone os, scope: eq, version: 7.0.6

Trust: 0.6

vendor: apple, model: ipod touch, scope: eq, version: 0

Trust: 0.3

vendor: apple, model: iphone, scope: eq, version: 4.0

Trust: 0.3

vendor: apple, model: ipad, scope: eq, version: 0

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.0.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.0.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 3.2.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 3.2.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 5.1.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 5.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 5.0.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 5

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.3.5

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.3.4

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.3.3

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.3.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.3.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.3

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.9

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.8

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.7

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.6

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.5

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.10

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 3.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 3.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 3.0

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 2.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 2.0

Trust: 0.3

sources: BID: 66087 // JVNDB: JVNDB-2014-001671 // CNNVD: CNNVD-201403-266 // NVD: CVE-2014-1285

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-1285
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-1285
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201403-266
value: MEDIUM

Trust: 0.6

VULHUB: VHN-69224
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-1285
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-69224
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-69224 // JVNDB: JVNDB-2014-001671 // CNNVD: CNNVD-201403-266 // NVD: CVE-2014-1285

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-69224 // JVNDB: JVNDB-2014-001671 // NVD: CVE-2014-1285

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201403-266

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201403-266

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001671

PATCH

title: HT6162, url: http://support.apple.com/kb/HT6162

Trust: 0.8

title: HT6162, url: http://support.apple.com/kb/HT6162?viewlocale=ja_JP

Trust: 0.8

sources: JVNDB: JVNDB-2014-001671

EXTERNAL IDS

db: NVD, id: CVE-2014-1285

Trust: 2.8

db: JVN, id: JVNVU94229445

Trust: 0.8

db: JVNDB, id: JVNDB-2014-001671

Trust: 0.8

db: CNNVD, id: CNNVD-201403-266

Trust: 0.7

db: BID, id: 66087

Trust: 0.3

db: VULHUB, id: VHN-69224

Trust: 0.1

sources: VULHUB: VHN-69224 // BID: 66087 // JVNDB: JVNDB-2014-001671 // CNNVD: CNNVD-201403-266 // NVD: CVE-2014-1285

REFERENCES

url:http://support.apple.com/kb/ht6162

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1285

Trust: 0.8

url:http://jvn.jp/vu/jvnvu94229445/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1285

Trust: 0.8

url:http://www.apple.com/ios/

Trust: 0.3

sources: VULHUB: VHN-69224 // BID: 66087 // JVNDB: JVNDB-2014-001671 // CNNVD: CNNVD-201403-266 // NVD: CVE-2014-1285

CREDITS

Apple, evad3rs, Guillaume Ross, Min Zheng, Hui Xue, and Dr. Tao (Lenx) Wei of FireEye, Stefan Esser, Walter Hoelblinger of Hoelblinger.com, Morgan Adams, Tom Pennington, Roboboi99 and Bogdan Alecu of M-sec.net

Trust: 0.3

sources: BID: 66087

SOURCES

db: VULHUB, id: VHN-69224
db: BID, id: 66087
db: JVNDB, id: JVNDB-2014-001671
db: CNNVD, id: CNNVD-201403-266
db: NVD, id: CVE-2014-1285

LAST UPDATE DATE

2025-04-13T20:24:23.173000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-69224, date: 2014-03-14T00:00:00
db: BID, id: 66087, date: 2014-03-12T00:33:00
db: JVNDB, id: JVNDB-2014-001671, date: 2014-03-17T00:00:00
db: CNNVD, id: CNNVD-201403-266, date: 2014-04-29T00:00:00
db: NVD, id: CVE-2014-1285, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-69224, date: 2014-03-14T00:00:00
db: BID, id: 66087, date: 2014-03-10T00:00:00
db: JVNDB, id: JVNDB-2014-001671, date: 2014-03-17T00:00:00
db: CNNVD, id: CNNVD-201403-266, date: 2014-03-14T00:00:00
db: NVD, id: CVE-2014-1285, date: 2014-03-14T10:55:06.160