Unrated severityNVD Advisory· Published Jul 1, 2014· Updated May 6, 2026

CVE-2014-1375

Description

Intel Graphics Driver in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Local users can bypass ASLR protection in OS X by reading a kernel pointer from an IOKit object via the Intel Graphics Driver.

Vulnerability

The Intel Graphics Driver in Apple OS X Mavericks before version 10.9.4 contains a vulnerability that allows local users to read a kernel pointer stored in an IOKit object. This pointer can be leveraged to bypass the Address Space Layout Randomization (ASLR) protection mechanism. The vulnerability affects systems running OS X Mavericks 10.9 through 10.9.3.

Exploitation

An attacker with local access to the system can exploit this vulnerability by reading the kernel pointer from the IOKit object. No special privileges or user interaction are required beyond having a local account. The attacker can then use the leaked pointer to calculate the base addresses of kernel components, effectively defeating ASLR.

Impact

Successful exploitation allows the attacker to bypass ASLR, a key security mitigation that randomizes memory addresses. This significantly weakens the system's defense against other exploits, making it easier for the attacker to execute arbitrary code with kernel-level privileges. The confidentiality of kernel memory layout is compromised.

Mitigation

Apple addressed this issue in OS X Mavericks v10.9.4, released on July 1, 2014. Users should update to this version or later via Software Update or the Apple Support website [1]. No workarounds are documented. The vulnerability is not known to be listed in CISA's Known Exploited Vulnerabilities catalog.

References

About the security content of OS X Mavericks v10.9.4 and Security Update 2014-003 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Mac Os X4 versions
cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.9.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.9.3:*:*:*:*:*:*:*
Apple Inc./OS Xllm-fuzzy
Range: <10.9.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.apple.com/kb/HT6296nvdVendor Advisory
archives.neohapsis.com/archives/bugtraq/2014-06/0172.htmlnvd
secunia.com/advisories/59475nvd
www.securitytracker.com/id/1030505nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000