Unrated severityNVD Advisory· Published Oct 23, 2015· Updated May 6, 2026

CVE-2015-6989

Description

Grand Central Dispatch in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted package that is mishandled during dispatch calls.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Grand Central Dispatch in Apple iOS, OS X, and watchOS mishandles crafted packages during dispatch calls, leading to memory corruption and arbitrary code execution.

Vulnerability

A memory corruption vulnerability exists in Grand Central Dispatch in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 [1][2][3]. The flaw occurs when a crafted package is mishandled during dispatch calls, leading to a memory corruption that can be triggered by processing malicious input [1][2][3].

Exploitation

An attacker can exploit this vulnerability by delivering a specially crafted package to the target system [1][2][3]. The package is mishandled during dispatch calls, causing memory corruption [1][2][3]. The attacker does not require elevated privileges to trigger the vulnerability, as it can be exploited via user interaction, such as opening a maliciously crafted archive or file [1][2][3].

Impact

Successful exploitation can lead to arbitrary code execution or denial of service via memory corruption [1][2][3]. The attacker could gain the ability to execute arbitrary code with the privileges of the affected application, potentially leading to full system compromise [1][2][3].

Mitigation

Apple has addressed this vulnerability in iOS 9.1, OS X El Capitan 10.11.1, and watchOS 2.0.1 [1][2][3]. Users should update to the latest versions of their respective operating systems. No workarounds are available [1][2][3].

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <=9.0.2
Apple Inc./Mac Os X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: <=10.11.0
Apple Inc./watchOS2 versions
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*range: <=2.0.0
- (no CPE)range: <2.0.1
Apple Inc./iOSllm-fuzzy
Range: <9.1
Apple Inc./OS Xllm-fuzzy
Range: <10.11.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2015/Oct/msg00002.htmlnvdVendor Advisory
lists.apple.com/archives/security-announce/2015/Oct/msg00003.htmlnvdVendor Advisory
lists.apple.com/archives/security-announce/2015/Oct/msg00005.htmlnvdVendor Advisory
support.apple.com/HT205370nvdVendor Advisory
support.apple.com/HT205375nvdVendor Advisory
support.apple.com/HT205378nvdVendor Advisory
www.securitytracker.com/id/1033929nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000