VYPR
← All advisories
Unrated severityNVD Advisory· Published Jul 1, 2014· Updated May 6, 2026

CVE-2014-1355

CVE-2014-1355

Description

The IOKit implementation in the kernel in Apple iOS before 7.1.2 and Apple TV before 6.1.2, and in IOReporting in Apple OS X before 10.9.4, allows local users to cause a denial of service (NULL pointer dereference and reboot) via crafted API arguments.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A NULL pointer dereference in Apple's IOKit/IOReporting allows local users to cause a system reboot via crafted API arguments.

Vulnerability

The vulnerability resides in the IOKit implementation within the kernel on iOS and Apple TV, and in IOReporting on OS X. A local user can trigger a NULL pointer dereference by supplying crafted API arguments. This affects iOS versions before 7.1.2, Apple TV before 6.1.2, and OS X Mavericks before 10.9.4 [1].

Exploitation

An attacker must have local access to the device or system. No additional privileges are required beyond local user access. By passing specially crafted arguments to the IOKit or IOReporting API, the attacker causes a NULL pointer dereference in the kernel, leading to a system crash.

Impact

Successful exploitation results in a denial of service via a kernel panic and subsequent system reboot. The vulnerability does not allow code execution or privilege escalation; it only causes a temporary loss of availability.

Mitigation

Apple addressed this issue in iOS 7.1.2, Apple TV 6.1.2, and OS X Mavericks 10.9.4 (and Security Update 2014-003) [1]. Users should update their devices to the latest available versions. No workarounds are documented.

References
  1. About the security content of OS X Mavericks v10.9.4 and Security Update 2014-003 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

21
  • Apple Inc./Iphone Os9 versions
    cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*range: <=7.1.1
    • cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.1:*:*:*:*:*:*:*
  • Apple Inc./Mac Os X4 versions
    cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9.3:*:*:*:*:*:*:*
  • Apple Inc./tvOS5 versions
    cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*range: <=6.1.1
    • cpe:2.3:o:apple:tvos:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:6.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:6.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:6.1:*:*:*:*:*:*:*
  • Apple Inc./iOSllm-fuzzy
    Range: <7.1.2
  • Apple Inc./OS Xllm-fuzzy
    Range: <10.9.4
  • Apple Inc./Apple TVllm-fuzzy
    Range: <6.1.2

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

6

News mentions

0

No linked articles in our index yet.