Unrated severityNVD Advisory· Published Apr 10, 2015· Updated May 6, 2026

CVE-2015-1095

Description

IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HID device.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory corruption vulnerability in IOHIDFamily allows physically proximate attackers to execute arbitrary code via a crafted HID device.

Vulnerability

The vulnerability resides in the IOHIDFamily component of Apple iOS (before 8.3), OS X (before 10.10.3), and Apple TV (before 7.2). It is triggered by a crafted HID (Human Interface Device) that causes memory corruption. No special configuration is required beyond physical proximity to connect the device. Affected versions: iOS before 8.3 [1], OS X before 10.10.3 [2], and Apple TV before 7.2 [3].

Exploitation

An attacker must be physically proximate to the target device and able to connect a malicious HID device (e.g., via USB or Bluetooth). The attacker crafts the HID device to send malformed input that exploits the memory corruption in IOHIDFamily. No authentication or user interaction is needed beyond the device being powered on and accepting HID connections.

Impact

Successful exploitation allows the attacker to execute arbitrary code with the privileges of the kernel (since IOHIDFamily runs in kernel space) or cause a denial of service via memory corruption. This could lead to full compromise of the device.

Mitigation

Apple addressed this issue in iOS 8.3 [1], OS X Yosemite 10.10.3 [2], and Apple TV 7.2 [3]. Users should update to these versions or later. No workaround is available; the fix is to apply the security updates.

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <=8.2
Apple Inc./Mac Os X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: <=10.10.2
Apple Inc./tvOS
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Range: <=7.1
Apple Inc./TVllm-fuzzy
Range: <7.2
Apple Inc./iOSllm-fuzzy
Range: <8.3
Apple Inc./OS Xllm-fuzzy
Range: <10.10.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlnvdVendor Advisory
lists.apple.com/archives/security-announce/2015/Apr/msg00002.htmlnvdVendor Advisory
lists.apple.com/archives/security-announce/2015/Apr/msg00003.htmlnvdVendor Advisory
support.apple.com/HT204659nvdVendor Advisory
support.apple.com/HT204661nvdVendor Advisory
support.apple.com/HT204662nvdVendor Advisory
www.securitytracker.com/id/1032048nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000