CVE-2015-5925
Description
The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5926.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A memory corruption flaw in Apple CoreGraphics allows arbitrary code execution or denial of service via a malicious website in iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1.
Vulnerability
The vulnerability resides in the CoreGraphics component of Apple iOS (before 9.1), OS X (before 10.11.1), and watchOS (before 2.0.1). It is triggered when a user visits a crafted website that exploits a memory corruption issue, leading to arbitrary code execution or denial of service. This is a different vulnerability than CVE-2015-5926, as noted in the official description [1][2][3].
Exploitation
An attacker must host or inject a maliciously crafted website and induce the victim to visit it via a web browser. No additional privileges or authentication are required; the attack is remote and user interaction is limited to the victim browsing to the site. The exploit leverages the memory corruption in CoreGraphics to alter program execution.
Impact
Successful exploitation allows an attacker to execute arbitrary code in the context of the affected application (likely Safari or other web content renderers) or cause a denial of service via system memory corruption. This could lead to full compromise of the device's data and functionality, or temporary unavailability.
Mitigation
Apple released fixes in iOS 9.1, OS X El Capitan 10.11.1 (and corresponding security updates for Yosemite and Mavericks), and watchOS 2.0.1 on October 21, 2015. Users should update to these versions. No workarounds are documented; the only mitigation is installing the available patches [1][2][3].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* (range: <=2.0.0)
- (no CPE) range: <2.0.1
- Range: <9.1
- Range: <10.11.1
Patches
No patches discovered yet.
References
- lists.apple.com/archives/security-announce/2015/Oct/msg00002.html (nvd, Vendor Advisory)
- lists.apple.com/archives/security-announce/2015/Oct/msg00003.html (nvd, Vendor Advisory)
- lists.apple.com/archives/security-announce/2015/Oct/msg00005.html (nvd, Vendor Advisory)
- support.apple.com/HT205370 (nvd, Vendor Advisory)
- support.apple.com/HT205375 (nvd, Vendor Advisory)
- support.apple.com/HT205378 (nvd, Vendor Advisory)
- www.securitytracker.com/id/1033929 (nvd)