Unrated severity · NVD Advisory · Published Sep 19, 2014 · Updated May 6, 2026

CVE-2014-4401

Description

An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, and CVE-2014-4416.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A validation flaw in the Intel Graphics Driver on OS X before 10.9.5 allows crafted apps to execute arbitrary code with system privileges.

Vulnerability

An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem of Apple OS X before 10.9.5 does not properly validate calls, allowing a crafted application to trigger a privilege escalation. Versions 10.9 through 10.9.4 are affected. This is one of several related Intel graphics flaws patched in the same update (CVE-2014-4394 through CVE-2014-4416). No special configuration is required; any application that can invoke the affected driver interface can trigger the vulnerability [1].

Exploitation

An attacker needs only the ability to run a crafted application on the target system; no special network position, authentication, or user interaction beyond launching the app is required. The application sends malformed or otherwise invalid calls to the vulnerable Intel Graphics Driver routine, which, due to insufficient validation, proceeds to execute attacker-controlled operations in a privileged context. The precise sequence is not publicly disclosed but involves driver call validation bypass [1].

Impact

Successful exploitation allows arbitrary code execution in a privileged context, meaning the attacker gains full system-level (kernel or equivalent) privileges. This leads to complete compromise of the confidentiality, integrity, and availability of the affected Mac system [1].

Mitigation

Apple released OS X Mavericks v10.9.5 and Security Update 2014-004 on September 17, 2014, which patch the vulnerability. Users should update via Software Update or by downloading from the Apple Support website. No workaround other than applying the update is documented. The CVE is not listed in the CISA Known Exploited Vulnerabilities catalog [1].

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

  • cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.9.2:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.9.3:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.9.4:*:*:*:*:*:*:*
  • Apple Inc./OS X (llm-fuzzy)
    Range: <10.9.5

References

5
