VYPR
← All advisories
Unrated severityNVD Advisory· Published Jul 1, 2014· Updated May 6, 2026

CVE-2014-1359

CVE-2014-1359

Description

Integer underflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Integer underflow in launchd on Apple iOS, OS X, and tvOS allows code execution via a crafted application.

Vulnerability

An integer underflow vulnerability exists in launchd on Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 [1]. The flaw can be triggered when processing a specially crafted application, leading to memory corruption.

Exploitation

An attacker requires the ability to execute or install a crafted application on the targeted device. No special network position or authentication beyond normal user access is needed [1]. The exact exploitation steps are not publicly detailed but involve supplying input that causes an integer underflow in launchd.

Impact

Successful exploitation allows an attacker to execute arbitrary code on the affected system. The code runs with the privileges of launchd, which in all three platforms (iOS, OS X, Apple TV) operates with root-level access, leading to full system compromise [1].

Mitigation

Apple addressed this vulnerability in iOS 7.1.2, OS X Mavericks 10.9.4, and Apple TV 6.1.2 [1]. Users should update to the latest version via Software Update or the Apple Support website. No workarounds are provided in the references.

References
  1. About the security content of OS X Mavericks v10.9.4 and Security Update 2014-003 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

21
  • Apple Inc./Iphone Os9 versions
    cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*range: <=7.1.1
    • cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.1:*:*:*:*:*:*:*
  • Apple Inc./Mac Os X4 versions
    cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9.3:*:*:*:*:*:*:*
  • Apple Inc./tvOS5 versions
    cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*range: <=6.1.1
    • cpe:2.3:o:apple:tvos:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:6.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:6.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:6.1:*:*:*:*:*:*:*
  • Apple Inc./iOSllm-fuzzy
    Range: <7.1.2
  • Apple Inc./OS Xllm-fuzzy
    Range: <10.9.4
  • Apple Inc./Apple TVllm-fuzzy
    Range: <6.1.2

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

7

News mentions

0

No linked articles in our index yet.