VYPR
Unrated severity · NVD Advisory · Published Aug 17, 2015 · Updated May 6, 2026

CVE-2015-5755

Description

CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5761.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Apple CoreText font parsing vulnerability allows remote code execution via crafted font in iOS and OS X.

Vulnerability

A memory corruption vulnerability exists in Apple CoreText's processing of font files, affecting iOS before 8.4.1 and OS X before 10.10.5 [1][2]. A remote attacker can trigger the flaw by providing a specially crafted font file, leading to arbitrary code execution or an application crash. CVE-2015-5755 is distinct from the related CVE-2015-5761 [2][3].

Exploitation

To exploit this vulnerability, an attacker must deliver a malicious font file to the target system. This can be achieved through various vectors, such as a webpage, an email attachment, or a font bundled in a document. No special privileges are required beyond standard user interaction (e.g., opening the file or viewing content that processes the font). CoreText automatically parses the font, triggering memory corruption without additional user actions after initial access [1][2].

Impact

Successful exploitation allows an attacker to execute arbitrary code in the context of the current user, potentially gaining full control of the affected system. Alternatively, the corruption can cause a denial of service through application crash or unexpected termination. The impact is limited by the privilege level of the user, but for most scenarios it enables complete compromise of the device or application [1][2][3].

Mitigation

Apple released security updates to address this vulnerability: OS X Yosemite v10.10.5 (and Security Update 2015-006 for Mavericks) resolves the issue on OS X [1], while iOS 8.4.1 patched it on iPhones, iPads, and iPod touches [2]. Additionally, iTunes 12.3 on Windows includes a fix for applications using CoreText [3]. Users should update to these versions or later. No workarounds were disclosed for unpatched systems.

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

5

References

8