CVE-2015-1063
Description
CoreTelephony in Apple iOS before 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a Class 0 SMS message.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A null pointer dereference in CoreTelephony allows remote attackers to cause a denial of service (device restart) via a crafted Class 0 SMS message on iOS before 8.2.
Vulnerability
A null pointer dereference issue existed in CoreTelephony's handling of Class 0 SMS messages in Apple iOS versions prior to 8.2. The vulnerability affects iPhone 4s and later, iPod touch (5th generation) and later, and iPad 2 and later devices [1].
Exploitation
No authentication is required; an attacker can remotely send a specially crafted Class 0 SMS message to a vulnerable device. The message triggers the null pointer dereference in the CoreTelephony component, causing the device to unexpectedly restart [1].
Impact
Successful exploitation results in a denial of service due to a NULL pointer dereference, leading to an immediate device restart. No data disclosure or code execution is achieved; however, the denial of service can disrupt device availability.
Mitigation
Apple addressed the vulnerability in iOS 8.2, which was released on March 9, 2015. Users should update their devices to iOS 8.2 or later via the Settings > General > Software Update mechanism [1]. No workaround is available for unpatched versions.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <8.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- lists.apple.com/archives/security-announce/2015/Mar/msg00000.htmlnvdVendor Advisory
- support.apple.com/HT204423nvdVendor Advisory
- www.securitytracker.com/id/1031864nvd
News mentions
0No linked articles in our index yet.