Unrated severityNVD Advisory· Published Aug 17, 2015· Updated May 6, 2026

CVE-2015-5776

Description

Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of an AF_INET6 socket.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory corruption vulnerability in Libinfo allows remote attackers to execute arbitrary code via crafted AF_INET6 socket traffic on iOS and OS X.

Vulnerability

Libinfo, a library used for network information services in Apple iOS and OS X, contains a memory corruption vulnerability when handling AF_INET6 sockets. The issue affects iOS versions prior to 8.4.1 and OS X versions prior to 10.10.5. An attacker can trigger the vulnerability by sending specially crafted data over an IPv6 socket, leading to memory corruption.

Exploitation

An unauthenticated remote attacker can exploit this vulnerability by sending malicious network traffic over an AF_INET6 socket to a vulnerable system. No user interaction or special privileges are required; the attacker only needs network connectivity to the target device.

Impact

Successful exploitation allows the attacker to execute arbitrary code in the context of the affected process, or cause a denial of service via application crash. The exact process affected is not specified, but Libinfo is used by system services, so code execution could lead to full system compromise.

Mitigation

Apple addressed this vulnerability in iOS 8.4.1 and OS X Yosemite 10.10.5 (Security Update 2015-006) [1][2]. Users should update to these or later versions. No workarounds are available.

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <=8.4
Apple Inc./Mac Os X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: <=10.10.4
Apple Inc./iOSllm-fuzzy
Range: < 8.4.1
Apple Inc./OS Xllm-fuzzy
Range: < 10.10.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlnvdVendor Advisory
lists.apple.com/archives/security-announce/2015/Aug/msg00002.htmlnvdVendor Advisory
support.apple.com/kb/HT205030nvdVendor Advisory
support.apple.com/kb/HT205031nvdVendor Advisory
www.securityfocus.com/bid/76343nvd
www.securitytracker.com/id/1033275nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000