CVE-2014-4390
Description
Bluetooth in Apple OS X before 10.9.5 does not properly validate API calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A Bluetooth API call validation flaw in OS X before 10.9.5 allows arbitrary code execution in a privileged context via a crafted application.
Vulnerability
Bluetooth in Apple OS X before version 10.9.5 does not properly validate API calls, allowing crafted applications to trigger the flaw. Affected versions: OS X Mavericks v10.9 through v10.9.4.
Exploitation
An attacker must deliver a crafted application to the target system; no additional authentication or user interaction is required beyond executing the application. Exploitation occurs locally, within the privileged context of the Bluetooth subsystem.
Impact
Successful exploitation results in arbitrary code execution with elevated privileges, potentially leading to full system compromise.
Mitigation
Apple addressed the issue in OS X Mavericks v10.9.5 and Security Update 2014-004. Users should update via Software Update or from the Apple Support website [1].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.9.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.9.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.9.4:*:*:*:*:*:*:*
- Range: <10.9.5
Patches
No patches discovered yet.
References (4)
News mentions
No linked articles in our index yet.