Unrated severityNVD Advisory· Published Jan 30, 2015· Updated May 6, 2026

CVE-2014-8823

Description

The IOUSBControllerUserClient::ReadRegister function in the IOUSB controller in IOUSBFamily in Apple OS X before 10.10.2 allows local users to read data from arbitrary kernel-memory locations by leveraging root access and providing a crafted first argument.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A local root user can read arbitrary kernel memory via a crafted first argument to IOUSBControllerUserClient::ReadRegister in OS X before 10.10.2.

Vulnerability

The vulnerability resides in the IOUSBControllerUserClient::ReadRegister function within the IOUSBFamily kernel extension in Apple OS X. By providing a crafted first argument, a local user with root privileges can read data from arbitrary kernel memory locations. This issue affects OS X versions prior to 10.10.2 (Yosemite) [1].

Exploitation

An attacker must have root access on the system. The exploitation involves calling the ReadRegister function with a specially crafted first argument that specifies an arbitrary kernel memory address. No additional user interaction or network access is required beyond local root privileges [1].

Impact

Successful exploitation allows the attacker to read arbitrary kernel memory, leading to disclosure of sensitive kernel data, such as cryptographic keys, process credentials, or other confidential information. This compromises the confidentiality of the system [1].

Mitigation

Apple addressed this vulnerability in OS X Yosemite v10.10.2, released on January 27, 2015. Users should update to this version or later. No workarounds are documented. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog [1].

References

About the security content of OS X Yosemite v10.10.2 and Security Update 2015-001 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Mac Os X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: <=10.10.1
Apple Inc./OS Xllm-fuzzy
Range: <10.10.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

code.google.com/p/google-security-research/issues/detailnvdExploitIssue Tracking
lists.apple.com/archives/security-announce/2015/Jan/msg00003.htmlnvdMailing ListVendor Advisory
support.apple.com/HT204244nvdVendor Advisory
www.securitytracker.com/id/1031650nvdThird Party AdvisoryVDB Entry
exchange.xforce.ibmcloud.com/vulnerabilities/100514nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000