VYPR
← All advisories
Unrated severityNVD Advisory· Published Jul 1, 2014· Updated May 6, 2026

CVE-2014-1376

CVE-2014-1376

Description

Intel Compute in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenCL API call, which allows attackers to execute arbitrary code via a crafted application.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An unspecified OpenCL API call in OS X before 10.9.4 is not properly restricted, allowing crafted applications to execute arbitrary code.

Vulnerability

In Apple OS X versions before 10.9.4, the Intel Compute subsystem does not properly restrict an unspecified OpenCL API call. The vulnerability affects OS X Mavericks 10.9 to 10.9.3, as well as OS X Lion v10.7.5, OS X Lion Server v10.7.5, and OS X Mountain Lion v10.8.5. The exact API call is not disclosed in the available references [1].

Exploitation

An attacker must trick a user into running a crafted application on an affected system. The attacker requires no special network position or authentication beyond the ability to execute code at the user level. The specific steps are not detailed, but the vector is a malicious application that makes the vulnerable OpenCL API call [1].

Impact

Successful exploitation allows the attacker to execute arbitrary code on the target system. The attacker gains code execution privileges, potentially leading to full system compromise. The impact includes arbitrary code execution, which may result in information disclosure, data modification, or denial of service [1].

Mitigation

Apple released OS X Mavericks v10.9.4 on July 1, 2014, which includes a fix for this issue. Users should update to OS X Mavericks 10.9.4 or later via Software Update or the Apple Support website. For earlier affected versions (OS X Lion v10.7.5, OS X Mountain Lion v10.8.5), the Security Update 2014-003 provides the fix. No workaround is disclosed [1].

References
  1. About the security content of OS X Mavericks v10.9.4 and Security Update 2014-003 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

12
  • Apple Inc./Mac Os X11 versions
    cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*+ 10 more
    • cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*range: <=10.9.3
    • cpe:2.3:o:apple:mac_os_x:10.8.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.8.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.8.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.8.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.8.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.8.5:supplemental_update:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9.2:*:*:*:*:*:*:*
  • Apple Inc./OS Xllm-fuzzy
    Range: <10.9.4

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

News mentions

0

No linked articles in our index yet.