VYPR
← All advisories
Unrated severityNVD Advisory· Published Jul 1, 2014· Updated May 6, 2026

CVE-2014-1358

CVE-2014-1358

Description

Integer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Integer overflow in launchd in Apple iOS, OS X, and Apple TV allows arbitrary code execution via a crafted application.

Vulnerability

Integer overflow in launchd, the system service for managing daemons and processes, affects Apple iOS before 7.1.2, OS X before 10.9.4, and Apple TV before 6.1.2. A crafted application can trigger the overflow, leading to memory corruption.

Exploitation

An attacker requires the ability to run a crafted application on the target device. No additional authentication or network access is needed beyond local execution. The application triggers the integer overflow in launchd during processing of certain inputs.

Impact

Successful exploitation allows arbitrary code execution with system privileges, as launchd runs with root authority. This can lead to full compromise of the device.

Mitigation

Apple released updates: iOS 7.1.2, OS X Mavericks 10.9.4, and Apple TV 6.1.2, which include a fix for this issue [1]. Users should update via Software Update or from Apple's website. No workarounds are documented.

References
  1. About the security content of OS X Mavericks v10.9.4 and Security Update 2014-003 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

21
  • Apple Inc./Iphone Os9 versions
    cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*range: <=7.1.1
    • cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.1:*:*:*:*:*:*:*
  • Apple Inc./Mac Os X4 versions
    cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9.3:*:*:*:*:*:*:*
  • Apple Inc./tvOS5 versions
    cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*range: <=6.1.1
    • cpe:2.3:o:apple:tvos:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:6.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:6.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:6.1:*:*:*:*:*:*:*
  • Apple Inc./iOSllm-fuzzy
    Range: <7.1.2
  • Apple Inc./OS Xllm-fuzzy
    Range: <10.9.4
  • Apple Inc./Apple TVllm-fuzzy
    Range: <6.1.2

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

6

News mentions

0

No linked articles in our index yet.