VYPR
Unrated severity · NVD Advisory · Published Jul 1, 2014 · Updated May 6, 2026

CVE-2014-1372

Description

Graphics Driver in Apple OS X before 10.9.4 does not properly restrict read operations during processing of an unspecified system call, which allows local users to obtain sensitive information from kernel memory and bypass the ASLR protection mechanism via a crafted call.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A flaw in the OS X Graphics Driver allows local users to read kernel memory and bypass ASLR via a crafted system call.

Vulnerability

The vulnerability resides in the Graphics Driver component of Apple OS X. During processing of an unspecified system call, the driver does not properly restrict read operations, allowing a local user to access sensitive kernel memory. This issue affects OS X Mavericks versions before 10.9.4, as well as earlier versions such as OS X Lion v10.7.5 and OS X Mountain Lion v10.8.5 [1].

Exploitation

An attacker must have local access to the system and the ability to execute a crafted system call. No additional authentication or elevated privileges are required beyond standard user-level access. By invoking the vulnerable system call with specific parameters, the attacker triggers the unrestricted read operation, leaking kernel memory contents.

Impact

Successful exploitation results in the disclosure of sensitive information from kernel memory, including data that can be used to bypass Address Space Layout Randomization (ASLR). This information disclosure weakens the system's security defenses and can facilitate further attacks, such as privilege escalation or code execution.

Mitigation

Apple addressed this issue in OS X Mavericks 10.9.4, released on June 30, 2014. The update is available via Software Update or from the Apple Support website [1]. Users should apply the update to all affected systems. No workarounds are documented; updating to the fixed version is the only mitigation.

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

12
  • Apple Inc./Mac OS X (11 versions)
    • cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* (range: <=10.9.3)
    • cpe:2.3:o:apple:mac_os_x:10.8.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.8.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.8.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.8.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.8.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.8.5:supplemental_update:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9.2:*:*:*:*:*:*:*
  • Apple Inc./OS X (llm-fuzzy)
    Range: <10.9.4
