Exploit:iPhoneOS/CVE-2014-4377 identifies a maliciously crafted PDF document that attempts to exploit the CVE-2014-4377 vulnerability in iOS 7.1.x; successful exploitation would allow an attacker to remotely execute arbitrary code on the affected device.


Automatic action: Freedome

When enabled, F-Secure Freedome will automatically block an exploit attempt against the CVE-2014-4377 vulnerability.

Automatic action: Anti-Virus

The F-Secure security program will automatically block the exploit file, either at the point of file download or during on-access / on-demand system scanning.

Vulnerability Protection

The vulnerabilities (CVE-2014-4377 and CVE-2014-4378) leveraged by this exploit are found in operating system versions prior to iOS 8. To proactively prevent exploitation, please refer to the system vendor for the latest updates and additional advice.

Find out more
Knowledge Base

Find the latest advice in our Community Knowledge Base.

Product Manual

See the manual for your F-Secure product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

CVE-2014-4377 is an identifier for a vulnerability in the way the iOS CoreGraphics framework handles PDF files. This vulnerability is found in versions of the iOS operating system prior to version 8.

iPhone, iPad and iTouch devices which have not been (or in some cases, cannot be) upgraded to the latest operating system version are affected by this vulnerability. Apple TVs below version 7 are also affected.

A proof-of-concept (POC) exploit - complete with source code - targeting the CVE-2014-4377 vulnerability was made publicly available in late September 2014. At the time of writing, no attacks in-the-wild against this vulnerability have been reported.

This vulnerability may be exploited by a maliciously crafted PDF document. In a web-based scenario, users may be lured or redirected to a specially crafted webpage containing a malformed PDF document. As the Safari browser allows PDF documents to be automatically loaded and displayed as HTML images without user interaction, the user may be unaware of the presence of such documents on the page. If the exploit file is successfully loaded on the web browser of a vulnerable device, the vulnerability is then automatically exploited.

To successfully complete, an attack would need to exploit an additional vulnerability (CVE-2014-4378); exploit code targeting this vulnerability is also publicly available.

If an attack is successful, the attacker may remotely execute arbitrary code on the affected device and may, essentially, gain complete system control.


For more information, see:

Date Created: -

Date Last Modified: -