VYPR
← All advisories
Unrated severityNVD Advisory· Published Jul 1, 2014· Updated May 6, 2026

CVE-2014-1378

CVE-2014-1378

Description

IOGraphicsFamily in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A vulnerability in IOGraphicsFamily on Apple OS X before 10.9.4 allows local users to bypass ASLR by reading a kernel pointer from an IOKit object.

Vulnerability

IOGraphicsFamily in Apple OS X before 10.9.4 exposes a kernel pointer through an IOKit object that can be read by local users. By leveraging read access to this pointer, an attacker can defeat Address Space Layout Randomization (ASLR). The vulnerability affects OS X Mavericks versions 10.9 through 10.9.3 [1].

Exploitation

An attacker must have local access to the system and the ability to read a kernel pointer from an IOKit object. No additional privileges or user interaction is required beyond local user access. The attacker reads the pointer from the IOKit object to bypass ASLR protections [1].

Impact

Successful exploitation allows a local attacker to bypass ASLR, a key memory protection mechanism. This disclosure of kernel memory layout information can be used to facilitate further attacks, such as escalating privileges or executing arbitrary code with kernel-level access [1].

Mitigation

Apple addressed this issue in OS X Mavericks 10.9.4, released on July 1, 2014. Users should update via Software Update or from the Apple Support website. No workarounds are provided in the available references [1].

References
  1. About the security content of OS X Mavericks v10.9.4 and Security Update 2014-003 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

5
  • Apple Inc./Mac Os X4 versions
    cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9.3:*:*:*:*:*:*:*
  • Apple Inc./OS Xllm-fuzzy
    Range: <10.9.4

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.