CVE-2015-3688

medium

Published 2015-07-03 · Modified 2026-05-06

CVSS v3

—

CVSS v2

6.8

VIR risk

6.8

Description

CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, and CVE-2015-3689.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: product-security@apple.com — https://support.apple.com/HT205221

vendor Authored 2026-05-27

Vendor advisory: product-security@apple.com — http://support.apple.com/kb/HT204942

vendor Authored 2026-05-27

Vendor advisory: product-security@apple.com — http://support.apple.com/kb/HT204941

vendor Authored 2026-05-27

Vendor advisory: product-security@apple.com — http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html

vendor Authored 2026-05-27

Vendor advisory: product-security@apple.com — http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html

vendor Authored 2026-05-27

Vendor advisory: product-security@apple.com — http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html

OS impact

OS	Version	Status	Fixed in
macos		affected

Application impact

Vendor	Product	Versions	Fixed
apple	itunes	`{"endIncluding":"12.2"}`

References

CWEs

CWE-119

Verify integrity in audit chain (admin only). AS-IS.