VYPR
← All advisories
Unrated severityNVD Advisory· Published Sep 19, 2014· Updated May 6, 2026

CVE-2014-4399

CVE-2014-4399

Description

An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An Intel Graphics Driver routine in Apple OS X before 10.9.5 fails to validate calls, allowing arbitrary code execution in a privileged context via a crafted application.

Vulnerability

An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem of Apple OS X Mavericks does not properly validate calls. The vulnerability affects OS X Mavericks versions 10.9 through 10.9.4 [1]. The issue is one of ten similar vulnerabilities (CVE-2014-4394 through CVE-2014-4401 and CVE-2014-4416) addressed in the same security update [1].

Exploitation

An attacker can exploit this vulnerability by running a crafted application on the target system. No special network position or authentication beyond local access is required, but the application must be able to call the vulnerable graphics driver routine [1]. The exact sequence of steps to trigger the validation failure is not publicly disclosed.

Impact

Successful exploitation allows an attacker to execute arbitrary code in a privileged (kernel) context [1]. This grants full control over the affected system, including the ability to install malware, modify data, or perform other actions with elevated privileges.

Mitigation

Apple released the fix in OS X Mavericks v10.9.5 and Security Update 2014-004, available for download via Software Update or from the Apple Support website [1]. Users should apply the update immediately. No workaround is available for unpatched systems [1].

References
  1. About the security content of OS X Mavericks v10.9.5 and Security Update 2014-004 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

7
  • Apple Inc./Mac Os X6 versions
    cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9.4:*:*:*:*:*:*:*
  • Apple Inc./OS Xllm-fuzzy
    Range: <10.9.5

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

News mentions

0

No linked articles in our index yet.