VYPR
← All advisories
Unrated severityNVD Advisory· Published Jul 1, 2014· Updated May 6, 2026

CVE-2014-1379

CVE-2014-1379

Description

Graphics Drivers in Apple OS X before 10.9.4 allows attackers to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a 32-bit executable file for a crafted application.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A NULL pointer dereference in Apple OS X Graphics Drivers allows privilege escalation or system crash via a crafted 32-bit executable.

Vulnerability

A NULL pointer dereference vulnerability exists in the Graphics Drivers component of Apple OS X. The flaw is triggered when a crafted 32-bit executable file is run. Affected versions include OS X Mavericks 10.9 through 10.9.3, as well as earlier versions such as OS X Lion and Mountain Lion (as indicated by the security update scope). The vulnerability can be exploited by any application that can execute a malicious 32-bit binary, leading to a kernel-level crash or potential privilege escalation.

Exploitation

An attacker must have the ability to run a crafted 32-bit executable on the target system. No special privileges are required to launch the application; the exploit occurs when the Graphics Drivers process the malformed executable. The attacker does not need network access if they can already execute code locally. The exploitation sequence involves the attacker providing a specially crafted 32-bit binary that triggers a NULL pointer dereference in the graphics driver code.

Impact

Successful exploitation can result in either a denial of service (system crash due to the NULL pointer dereference) or privilege escalation. If the attacker achieves privilege escalation, they may gain elevated system privileges, potentially leading to full control of the affected system. The impact is limited to the local system and requires the attacker to have some level of local access.

Mitigation

Apple addressed this vulnerability in OS X Mavericks v10.9.4, released on July 1, 2014. The update is available via Software Update or from the Apple Support website [1]. No workarounds are documented. Users should apply the update to all affected versions, including OS X Lion, Mountain Lion, and Mavericks. This CVE is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.

References
  1. About the security content of OS X Mavericks v10.9.4 and Security Update 2014-003 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

12
  • Apple Inc./Mac Os X11 versions
    cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*+ 10 more
    • cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*range: <=10.9.3
    • cpe:2.3:o:apple:mac_os_x:10.8.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.8.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.8.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.8.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.8.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.8.5:supplemental_update:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9.2:*:*:*:*:*:*:*
  • Apple Inc./OS Xllm-fuzzy
    Range: <10.9.4

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

News mentions

0

No linked articles in our index yet.