Unrated severityNVD Advisory· Published Aug 17, 2015· Updated May 6, 2026

CVE-2015-5757

Description

libpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via an app that uses a crafted syscall to interfere with locking.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory corruption vulnerability in libpthread on Apple iOS and OS X allows a malicious app to execute arbitrary code with elevated privileges via crafted syscalls.

Vulnerability

A memory corruption vulnerability exists in the libpthread library on Apple iOS versions prior to 8.4.1 and OS X versions prior to 10.10.5. The flaw is triggered when an application uses a crafted syscall to interfere with locking mechanisms within libpthread, leading to memory corruption. This issue affects all devices running the vulnerable operating system versions [1][2].

Exploitation

An attacker must have the ability to run a malicious application on the target device. The application then issues a specially crafted syscall that disrupts the normal locking operations in libpthread, causing memory corruption. No additional authentication or network access is required beyond the ability to execute code on the device [1][2].

Impact

Successful exploitation allows the attacker to execute arbitrary code in a privileged context, potentially gaining elevated system privileges. Alternatively, the attacker can cause a denial of service through memory corruption. The impact is a full compromise of the device's security, including access to sensitive data and system control [1][2].

Mitigation

Apple addressed this vulnerability in iOS 8.4.1 and OS X Yosemite 10.10.5 (Security Update 2015-006). Users should update their devices to these or later versions. No workarounds are available, and the vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog [1][2].

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <=8.4
Apple Inc./Mac Os X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: <=10.10.4
Apple Inc./iOSllm-fuzzy
Range: <8.4.1
Apple Inc./OS Xllm-fuzzy
Range: <10.10.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlnvdVendor Advisory
lists.apple.com/archives/security-announce/2015/Aug/msg00002.htmlnvdVendor Advisory
support.apple.com/kb/HT205030nvdVendor Advisory
support.apple.com/kb/HT205031nvdVendor Advisory
www.securityfocus.com/bid/76343nvd
www.securitytracker.com/id/1033275nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000