VYPR
← All advisories
Unrated severityNVD Advisory· Published Sep 19, 2014· Updated May 6, 2026

CVE-2014-4397

CVE-2014-4397

Description

An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An unspecified Intel graphics driver routine in OS X before 10.9.5 fails to validate calls, allowing a crafted app to execute arbitrary code with kernel privileges.

Vulnerability

An unspecified integrated graphics driver routine within the Intel Graphics Driver subsystem of Apple OS X does not properly validate calls. This vulnerability affects OS X Mavericks v10.9 to v10.9.4. The issue is addressed in OS X Mavericks v10.9.5 [1].

Exploitation

An attacker must run a crafted application on the affected system. No additional authentication or user interaction beyond launching the application is required. The application triggers the vulnerable driver routine with malformed input, bypassing validation checks.

Impact

Successful exploitation allows the attacker to execute arbitrary code in a privileged context (kernel level), resulting in full system compromise. This is a privilege escalation from user mode to kernel mode.

Mitigation

Apple released OS X Mavericks v10.9.5 on September 17, 2014, which includes a fix for this vulnerability. Users should update via Software Update or from the Apple Support website. No workarounds are documented [1].

References
  1. About the security content of OS X Mavericks v10.9.5 and Security Update 2014-004 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

7
  • Apple Inc./Mac Os X6 versions
    cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9.4:*:*:*:*:*:*:*
  • Apple Inc./OS Xllm-fuzzy
    Range: <10.9.5

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

News mentions

0

No linked articles in our index yet.