Unrated severityNVD Advisory· Published Apr 10, 2015· Updated May 6, 2026

CVE-2015-1118

Description

libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A crafted configuration profile causes memory corruption and application crash in Apple iOS, OS X, and Apple TV before specific updates.

Vulnerability

A memory corruption vulnerability exists in the libnetcore component of Apple iOS before 8.3, OS X before 10.10.3, and Apple TV before 7.2 [1][2][3]. The issue is triggered when the system processes a specially crafted configuration profile. No special configuration beyond processing an untrusted profile is required to reach the vulnerable code path.

Exploitation

An attacker must deliver a malicious configuration profile to a target device. This can be done by tricking the user into installing the profile, such as through a phishing email, a malicious website, or by having physical access to the device. Once the profile is installed, the system parses the crafted data, leading to memory corruption.

Impact

Successful exploitation results in a denial of service (DoS) due to memory corruption, causing the application processing the profile to crash. No code execution or privilege escalation has been described in the available references; only system instability and crashes are mentioned.

Mitigation

Apple released fixes as part of iOS 8.3, OS X Yosemite 10.10.3 (and Security Update 2015-004), and Apple TV 7.2 [1][2][3]. Users should update their devices to these or later versions. There is no known workaround for unpatched systems.

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <=8.2
Apple Inc./Mac Os X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: <=10.10.2
Apple Inc./tvOS
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Range: <=7.1
Apple Inc./TVllm-fuzzy
Range: <7.2
Apple Inc./iOSllm-fuzzy
Range: <8.3
Apple Inc./OS Xllm-fuzzy
Range: <10.10.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlnvdVendor Advisory
lists.apple.com/archives/security-announce/2015/Apr/msg00002.htmlnvdVendor Advisory
lists.apple.com/archives/security-announce/2015/Apr/msg00003.htmlnvdVendor Advisory
support.apple.com/HT204659nvdVendor Advisory
support.apple.com/HT204661nvdVendor Advisory
support.apple.com/HT204662nvdVendor Advisory
www.securitytracker.com/id/1032048nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000