VYPR
Unrated severity · NVD Advisory · Published Aug 16, 2015 · Updated May 6, 2026

CVE-2015-3768

Description

Integer overflow in the kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that makes unspecified IOKit API calls.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An integer overflow in the kernel of Apple iOS and OS X allows arbitrary code execution via a crafted app that makes IOKit calls.

Vulnerability

An integer overflow vulnerability exists in the kernel of Apple iOS before 8.4.1 and OS X before 10.10.5. The issue occurs when a crafted application makes unspecified IOKit API calls, leading to memory corruption. Affected versions include iOS 8.4 and earlier, and OS X Yosemite 10.10.4 and earlier [1][2].

Exploitation

An attacker must convince a user to install a crafted application on the target device. No additional authentication or network access is required beyond the initial app installation. The app triggers the integer overflow by making specific IOKit calls, causing memory corruption that can be leveraged for code execution.

Impact

Successful exploitation allows the attacker to execute arbitrary code in a privileged kernel context, resulting in full compromise of the device's system integrity, confidentiality, and availability.

Mitigation

Apple addressed this vulnerability in iOS 8.4.1 and OS X Yosemite 10.10.5. Users should update their devices to these or later versions. No workarounds are available; the only mitigation is to apply the security updates [1][2].

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
