CVE-2014-4434
Description
The kernel in Apple OS X before 10.10 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted filename on an HFS filesystem.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A physically proximate attacker can crash OS X before 10.10 by presenting a crafted filename on an HFS filesystem, causing a NULL pointer dereference.
Vulnerability
The kernel in Apple OS X versions prior to 10.10 (Yosemite) contains a NULL pointer dereference vulnerability in the handling of HFS filesystem filenames. A crafted filename can trigger this condition, leading to a system crash. The issue affects all versions before 10.10.
Exploitation
An attacker must have physical proximity to the target system and the ability to present a specially crafted filename on an HFS filesystem (e.g., via a USB drive or other removable media). No authentication is required; the attacker simply needs to cause the system to process the malicious filename, for example by mounting the filesystem or browsing to the file.
Impact
Successful exploitation results in a denial of service (DoS) due to a NULL pointer dereference, causing the kernel to panic and the system to crash. The attacker gains no code execution or data access; the impact is limited to temporary system unavailability.
Mitigation
Apple addressed this issue in OS X Yosemite v10.10, released on October 16, 2014. Users should update to OS X 10.10 or later. No workaround is available for earlier versions. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog. [1]
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- Range: <10.10
Patches (0)
No patches discovered yet.
References (5)
News mentions (0)
No linked articles in our index yet.