Exploit:iPhoneOS/CVE-2014-4377 identifies a maliciously crafted PDF document that attempts to exploit the CVE-2014-4377 vulnerability in iOS 7.1.x; successful exploitation would allow an attacker to remotely execute arbitrary code on the affected device.
When enabled, F-Secure Freedome will automatically block an exploit attempt against the CVE-2014-4377 vulnerability.
The F-Secure security program will automatically block the exploit file, either at the point of file download or during on-access / on-demand system scanning.
The vulnerabilities (CVE-2014-4377 and CVE-2014-4378) leveraged by this exploit are found in operating system versions prior to iOS 8. To proactively prevent exploitation, please refer to the system vendor for the latest updates and additional advice.
A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:
Check for the latest database updates
First check if your F-Secure security program is using the latest detection database updates, then try scanning the file again.
Submit a sample
After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.
NOTE If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.
Exclude a file from further scanning
If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.
Note You need administrative rights to change the settings.
CVE-2014-4377 is an identifier for a vulnerability in the way the iOS CoreGraphics framework handles PDF files. This vulnerability is found in versions of the iOS operating system prior to version 8.
iPhone, iPad and iTouch devices which have not been (or in some cases, cannot be) upgraded to the latest operating system version are affected by this vulnerability. Apple TVs below version 7 are also affected.
A proof-of-concept (POC) exploit - complete with source code - targeting the CVE-2014-4377 vulnerability was made publicly available in late September 2014. At the time of writing, no attacks in-the-wild against this vulnerability have been reported.
This vulnerability may be exploited by a maliciously crafted PDF document. In a web-based scenario, users may be lured or redirected to a specially crafted webpage containing a malformed PDF document. As the Safari browser allows PDF documents to be automatically loaded and displayed as HTML images without user interaction, the user may be unaware of the presence of such documents on the page. If the exploit file is successfully loaded on the web browser of a vulnerable device, the vulnerability is then automatically exploited.
To successfully complete, an attack would need to exploit an additional vulnerability (CVE-2014-4378); exploit code targeting this vulnerability is also publicly available.
If an attack is successful, the attacker may remotely execute arbitrary code on the affected device and may, essentially, gain complete system control.
For more information, see: