Unrated severityNVD Advisory· Published Aug 16, 2015· Updated May 6, 2026

CVE-2015-3770

Description

IOGraphics in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5783.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory corruption vulnerability in IOGraphics on Apple OS X before 10.10.5 allows arbitrary code execution via a crafted app.

Vulnerability

The vulnerability resides in the IOGraphics kernel extension in Apple OS X. It is a memory corruption issue that can be triggered by a crafted application. Affected versions include OS X Mavericks v10.9.5 and OS X Yosemite v10.10 through v10.10.4. The bug is distinct from CVE-2015-5783.

Exploitation

An attacker must have the ability to run a malicious application on the target system. No additional privileges are required beyond local user access. The crafted app triggers the memory corruption when interacting with the IOGraphics subsystem.

Impact

Successful exploitation can lead to arbitrary code execution in the kernel context, resulting in full system compromise. Alternatively, an attacker could cause a denial of service by crashing the system.

Mitigation

Apple addressed this vulnerability in OS X Yosemite v10.10.5 and Security Update 2015-006, released on August 13, 2015 [1]. Users should update to the latest version. No workarounds are documented, and the issue is not listed in the Known Exploited Vulnerabilities catalog.

References

About the security content of OS X Yosemite v10.10.5 and Security Update 2015-006 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Mac Os X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: <=10.10.4
Apple Inc./OS Xllm-fuzzy
Range: <10.10.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlnvdVendor Advisory
support.apple.com/kb/HT205031nvdVendor Advisory
www.securityfocus.com/bid/76340nvd
www.securitytracker.com/id/1033276nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000