Unrated severityNVD Advisory· Published Oct 23, 2015· Updated May 6, 2026

CVE-2015-5926

Description

The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5925.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory corruption vulnerability in CoreGraphics on Apple iOS, OS X, and watchOS allows arbitrary code execution via a malicious website.

Vulnerability

A memory corruption vulnerability exists in the CoreGraphics component of Apple iOS (versions prior to 9.1), OS X (versions prior to 10.11.1, including Mavericks 10.9.5 and Yosemite 10.10.5), and watchOS (versions prior to 2.0.1). The flaw can be triggered when processing maliciously crafted web content, leading to memory corruption.

Exploitation

An attacker can exploit this vulnerability by hosting a malicious website and luring a user to visit it. No authentication or special privileges are required. When the user's browser renders the crafted content, the CoreGraphics component mishandles the data, causing memory corruption.

Impact

Successful exploitation allows an attacker to execute arbitrary code or cause a denial of service (memory corruption). Code execution occurs within the context of the affected application (e.g., Safari or other WebKit-based browser), potentially leading to full system compromise if combined with other vulnerabilities.

Mitigation

Apple addressed this issue in iOS 9.1 [2], OS X El Capitan 10.11.1, Security Update 2015-004 Yosemite, and Security Update 2015-007 Mavericks [1], and watchOS 2.0.1 [3]. Users should update their devices to the latest available versions. No workarounds are documented.

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <=9.0.2
Apple Inc./Mac Os X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: <=10.11.0
Apple Inc./watchOS2 versions
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*range: <=2.0.0
- (no CPE)range: <2.0.1
Apple Inc./iOSllm-fuzzy
Range: <9.1
Apple Inc./OS Xllm-fuzzy
Range: <10.11.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2015/Oct/msg00002.htmlnvdVendor Advisory
lists.apple.com/archives/security-announce/2015/Oct/msg00003.htmlnvdVendor Advisory
lists.apple.com/archives/security-announce/2015/Oct/msg00005.htmlnvdVendor Advisory
support.apple.com/HT205370nvdVendor Advisory
support.apple.com/HT205375nvdVendor Advisory
support.apple.com/HT205378nvdVendor Advisory
www.securitytracker.com/id/1033929nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000