Unrated severityNVD Advisory· Published Jan 30, 2015· Updated May 6, 2026

CVE-2014-4486

Description

IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted app.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A NULL pointer dereference in IOAcceleratorFamily allows arbitrary code execution or denial of service via a crafted app on iOS, OS X, and Apple TV.

Vulnerability

IOAcceleratorFamily in Apple iOS before 8.1.3, OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, leading to a NULL pointer dereference when processing a crafted app [1][2][3].

Exploitation

An attacker can exploit this vulnerability by running a specially crafted app on the affected device. No authentication or network access is required; the attacker needs to convince the user to install and execute the malicious app.

Impact

Successful exploitation allows the attacker to execute arbitrary code with kernel privileges or cause a denial of service via a NULL pointer dereference, potentially leading to a system crash or full device compromise.

Mitigation

Apple released fixes in iOS 8.1.3 [2], OS X Yosemite 10.10.2 [1], and Apple TV 7.0.3 [3]. Users should update their devices to the latest available versions to protect against this vulnerability.

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <=8.1.2
Apple Inc./Mac Os X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: <=10.10.1
Apple Inc./tvOS
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Range: <=7.0.1
Apple Inc./iOSllm-fuzzy
Range: < 8.1.3
Apple Inc./OS Xllm-fuzzy
Range: < 10.10.2
Apple Inc./TVllm-fuzzy
Range: < 7.0.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2015/Jan/msg00000.htmlnvdVendor Advisory
lists.apple.com/archives/security-announce/2015/Jan/msg00001.htmlnvdVendor Advisory
lists.apple.com/archives/security-announce/2015/Jan/msg00003.htmlnvdVendor Advisory
support.apple.com/HT204244nvdVendor Advisory
support.apple.com/HT204245nvdVendor Advisory
support.apple.com/HT204246nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000