CVE-2014-4449

Published: Oct 22, 2014Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Affected (1)

Products: Apple: Iphone Os

Apple

1 product

Iphone Os

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Up to 8.0.2

Related CWEs

CWE-310

References (12)

http://secunia.com/advisories/61825

Source: product-security@apple.com

http://www.securityfocus.com/archive/1/533747

Source: product-security@apple.com

http://www.securityfocus.com/bid/70659

Source: product-security@apple.com

http://www.securitytracker.com/id/1031077

Source: product-security@apple.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/97665

Source: product-security@apple.com

https://support.apple.com/kb/HT6541

Source: product-security@apple.com

Vendor Advisory

http://secunia.com/advisories/61825