VYPR
← All advisories
Unrated severityNVD Advisory· Published Sep 19, 2014· Updated May 6, 2026

CVE-2014-4376

CVE-2014-4376

Description

IOKit in IOAcceleratorFamily in Apple OS X before 10.9.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted API arguments.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A NULL pointer dereference in IOAcceleratorFamily in Apple OS X before 10.9.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service via crafted API arguments.

Vulnerability

A null pointer dereference exists in IOAcceleratorFamily within IOKit in Apple OS X Mavericks versions 10.9 to 10.9.4. The vulnerability is triggered when an application passes crafted API arguments to the IOAcceleratorFamily driver [1].

Exploitation

An attacker requires the ability to run a malicious application on the target system. The application must supply specifically crafted arguments to the IOAcceleratorFamily user client API. No additional authentication or network access is needed beyond local execution privileges [1].

Impact

Successful exploitation allows an attacker to execute arbitrary code with kernel-level privileges or cause a denial of service via a null pointer dereference. The attacker gains full control over the affected system's kernel [1].

Mitigation

Apple addressed the vulnerability in OS X Mavericks 10.9.5, released on September 17, 2014. The update is available through Software Update or from the Apple Support website. Users should install Security Update 2014-004 or upgrade to OS X Mavericks 10.9.5 [1].

References
  1. About the security content of OS X Mavericks v10.9.5 and Security Update 2014-004 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

7
  • Apple Inc./Mac Os X6 versions
    cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9.4:*:*:*:*:*:*:*
  • Apple Inc./OS Xllm-fuzzy
    Range: <10.9.5

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

News mentions

0

No linked articles in our index yet.