Unrated severityNVD Advisory· Published Oct 18, 2014· Updated May 6, 2026

CVE-2014-4441

Description

NetFS Client Framework in Apple OS X before 10.10 does not ensure that the disabling of File Sharing is always possible, which allows remote attackers to read or write to files by leveraging a state in which File Sharing is permanently enabled.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Disabling File Sharing in OS X before Yosemite may not be possible, letting remote attackers read or write files.

Vulnerability

The NetFS Client Framework in Apple OS X before 10.10 (Yosemite) contains a logic flaw that can prevent the disabling of File Sharing. Under certain conditions, the system may enter a state where File Sharing remains permanently enabled even after an administrator attempts to turn it off. This affects all versions of OS X prior to 10.10, as the issue is resolved in that release.

Exploitation

An attacker with network access to an affected machine can exploit this persistent state. No special authentication or user interaction is required if the target system is already in the vulnerable state where File Sharing is enabled and cannot be disabled. The attacker can mount shared volumes over the network as they would any legitimate File Sharing connection.

Impact

Successful exploitation allows the remote attacker to read and write files stored on the affected system's shared directories. The attacker gains the same level of access as the File Sharing configuration permits, which could include write access to sensitive data. This compromises the confidentiality and integrity of the shared files.

Mitigation

Apple addressed this issue in OS X Yosemite v10.10 [1]. Users should upgrade to OS X 10.10 or later. There is no documented workaround for affected systems other than upgrading. This CVE is not listed on CISA's Known Exploited Vulnerabilities catalog.

References

About the security content of OS X Yosemite v10.10 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Mac Os X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: <=10.9.5
Apple Inc./OS Xllm-fuzzy
Range: <10.10

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.apple.com/kb/HT6535nvdVendor Advisory
archives.neohapsis.com/archives/bugtraq/2014-10/0101.htmlnvd
www.securitytracker.com/id/1031063nvd
exchange.xforce.ibmcloud.com/vulnerabilities/97627nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000