Unrated severityNVD Advisory· Published Nov 18, 2014· Updated May 6, 2026

CVE-2014-4459

Description

Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A use-after-free vulnerability in WebKit on Apple OS X before 10.10.1 allows remote attackers to execute arbitrary code via crafted HTML page objects.

Vulnerability

CVE-2014-4459 is a use-after-free vulnerability in WebKit, the rendering engine used by Apple OS X (prior to version 10.10.1). The bug is triggered when processing crafted page objects in an HTML document. Affected versions include all OS X Yosemite releases before 10.10.1 [3][4].

Exploitation

An attacker can exploit this vulnerability by hosting a malicious HTML document and persuading a user to view it in a browser that uses WebKit (e.g., Safari). No special authentication or network position beyond serving the page is required; the attack is conducted remotely via the web.

Impact

Successful exploitation leads to arbitrary code execution in the context of the WebKit process. This could allow an attacker to read, modify, or delete data, install additional software, or otherwise compromise the user's system.

Mitigation

Apple addressed this vulnerability in OS X Yosemite v10.10.1 [3][4]. Users should update to that version or later. No workarounds are documented, and the vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./iTunes
cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*
Range: <12.2
Apple Inc./Safari
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
Range: >=6.0,<6.2.1
Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <8.1.3
Apple Inc./Mac Os X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: <10.10.1
Apple Inc./tvOS
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Range: <7.0.3
Apple Inc./Webkitllm-fuzzy
Apple Inc./OS Xllm-fuzzy
Range: <10.10.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2014/Dec/msg00000.htmlnvdMailing ListVendor Advisory
lists.apple.com/archives/security-announce/2014/Nov/msg00001.htmlnvdMailing ListVendor Advisory
lists.apple.com/archives/security-announce/2015/Jan/msg00000.htmlnvdMailing ListVendor Advisory
lists.apple.com/archives/security-announce/2015/Jan/msg00001.htmlnvdMailing ListVendor Advisory
lists.apple.com/archives/security-announce/2015/Jun/msg00006.htmlnvdMailing ListVendor Advisory
secunia.com/advisories/62503nvdThird Party Advisory
support.apple.com/HT204245nvdVendor Advisory
support.apple.com/HT204246nvdVendor Advisory
support.apple.com/kb/HT6596nvdVendor Advisory
www.securityfocus.com/bid/71144nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1031230nvdThird Party AdvisoryVDB Entry
exchange.xforce.ibmcloud.com/vulnerabilities/98784nvdThird Party AdvisoryVDB Entry
support.apple.com/en-us/HT204419nvdVendor Advisory
support.apple.com/en-us/HT6591nvdVendor Advisory
support.apple.com/kb/HT204949nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000