CVE-2014-1381
Description
Thunderbolt in Apple OS X before 10.9.4 does not properly restrict IOThunderBoltController API calls, which allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted call.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A vulnerability in the Apple OS X Thunderbolt driver allows arbitrary code execution or denial of service via crafted API calls.
Vulnerability
The vulnerability exists in the Thunderbolt driver (IOThunderBoltController) in Apple OS X versions prior to 10.9.4. The driver does not properly restrict API calls, allowing out-of-bounds memory access. This affects OS X Mavericks 10.9 to 10.9.3, and possibly earlier versions like Mountain Lion and Lion as per the security update [1].
Exploitation
An attacker can exploit this by crafting a malicious call to the IOThunderBoltController API. The attacker needs local access to the system to execute the crafted call, as the Thunderbolt driver is a kernel extension. No user interaction is required beyond the attacker having the ability to execute code locally.
Impact
Successful exploitation can lead to arbitrary code execution in the kernel context, or a denial of service via application crash due to out-of-bounds memory access. The attacker gains elevated privileges, potentially full control of the system.
Mitigation
Apple addressed this vulnerability in OS X Mavericks 10.9.4, released on June 30, 2014. Users should update to 10.9.4 or later via Software Update or from Apple Support [1]. No workarounds are documented.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.9.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.9.3:*:*:*:*:*:*:*
- Range: <10.9.4
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (4)
News mentions
No linked articles in our index yet.