VYPR
← All advisories
Unrated severityNVD Advisory· Published Sep 19, 2014· Updated May 6, 2026

CVE-2014-4395

CVE-2014-4395

Description

An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A validation flaw in an integrated graphics driver routine on OS X Mavericks before 10.9.5 allows a crafted application to execute arbitrary code with kernel privileges.

Vulnerability

An unspecified routine in the Intel Graphics Driver subsystem integrated into Apple OS X Mavericks does not properly validate calls from user-space applications. This vulnerability affects OS X Mavericks versions 10.9 through 10.9.4, and is addressed in the 10.9.5 update. The exact function and driver component are not publicly disclosed in the available references [1].

Exploitation

An attacker must first install a crafted application on the target system. No special network position or prior authentication is required beyond the ability to execute a malicious binary. The application then makes a series of calls to the affected graphics driver routine, which fails to validate call parameters correctly, triggering the vulnerability [1].

Impact

Successful exploitation allows the attacker to execute arbitrary code in a privileged kernel context. This grants full control over the operating system, enabling the attacker to bypass security mechanisms, read or modify protected data, install additional software, or perform any action with root-level privileges [1].

Mitigation

Apple released OS X Mavericks v10.9.5 (and Security Update 2014-004) on September 17, 2014, which includes a fix for this vulnerability. Users should update via Software Update or download the update from the Apple Support website. No workaround is documented [1].

References
  1. About the security content of OS X Mavericks v10.9.5 and Security Update 2014-004 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

7
  • Apple Inc./Mac Os X6 versions
    cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9.4:*:*:*:*:*:*:*
  • Apple Inc./OS Xllm-fuzzy
    Range: <10.9.5

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

News mentions

0

No linked articles in our index yet.