VYPR
← All advisories
Unrated severityNVD Advisory· Published Sep 18, 2014· Updated May 6, 2026

CVE-2014-4369

CVE-2014-4369

Description

The IOAcceleratorFamily API implementation in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via an application that uses crafted arguments.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A NULL pointer dereference in Apple's IOAcceleratorFamily API allows local attackers to crash iOS and Apple TV devices via crafted arguments.

Vulnerability

The IOAcceleratorFamily API implementation in Apple iOS before version 8 and Apple TV before version 7 contains a NULL pointer dereference vulnerability. An application that passes crafted arguments to this API can trigger the flaw, leading to a device crash. The affected versions are iOS 7.x and earlier, and Apple TV 6.x and earlier.

Exploitation

An attacker must have the ability to run a malicious application on the target device. No additional privileges or network access are required. The application calls the IOAcceleratorFamily API with specially crafted arguments, causing a NULL pointer dereference in the kernel.

Impact

Successful exploitation results in a denial of service (DoS) via a kernel panic, causing the device to crash and reboot. No code execution or data compromise is indicated.

Mitigation

Apple addressed this issue in iOS 8 and Apple TV 7, released on September 17, 2014 [1][2]. Users should update their devices to these versions or later. No workarounds are available for unpatched systems.

References
  1. About the security content of iOS 8 - Apple Support
  2. About the security content of Apple TV 7 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

19
  • Apple Inc./Iphone Os10 versions
    cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*+ 9 more
    • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*range: <=7.1.2
    • cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.1.1:*:*:*:*:*:*:*
  • Apple Inc./tvOS7 versions
    cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*range: <=6.2
    • cpe:2.3:o:apple:tvos:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:6.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:6.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:6.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:6.1.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:6.1.2:*:*:*:*:*:*:*
  • Apple Inc./iOSllm-fuzzy
    Range: <8
  • Apple Inc./Apple TVllm-fuzzy
    Range: <7

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

8

News mentions

0

No linked articles in our index yet.