Unrated severityNVD Advisory· Published Aug 17, 2015· Updated May 6, 2026

CVE-2015-3795

Description

libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app that sends a malformed XPC message.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A malformed XPC message sent by a crafted app can corrupt memory in libxpc, leading to arbitrary code execution in a privileged context on iOS < 8.4.1 and OS X < 10.10.5.

Vulnerability

A memory corruption vulnerability exists in libxpc on Apple iOS before 8.4.1 and OS X before 10.10.5 (Yosemite). An attacker can trigger the issue by sending a malformed XPC message from a crafted app, which the library fails to properly validate [1][2].

Exploitation

An attacker must first install a maliciously crafted application on the target device. No additional authentication or network position is required beyond app installation. By sending a malformed XPC message, the attacker can corrupt memory in the libxpc process, potentially leading to arbitrary code execution [1][2].

Impact

Successful exploitation allows an attacker to execute arbitrary code in a privileged system context, or cause a denial of service through memory corruption. This gives the attacker elevated privileges beyond the app's sandbox [1][2].

Mitigation

Apple addressed this vulnerability in iOS 8.4.1 and OS X Yosemite v10.10.5 (Security Update 2015-006). Users should update to these or later versions [1][2].

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <=8.4
Apple Inc./Mac Os X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: <=10.10.4
Apple Inc./iOSllm-fuzzy
Range: <8.4.1
Apple Inc./OS Xllm-fuzzy
Range: <10.10.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlnvdVendor Advisory
lists.apple.com/archives/security-announce/2015/Aug/msg00002.htmlnvdVendor Advisory
support.apple.com/kb/HT205030nvdVendor Advisory
support.apple.com/kb/HT205031nvdVendor Advisory
www.securityfocus.com/bid/76343nvd
www.securitytracker.com/id/1033275nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000