Versions 9 and earlier of CoreText in Apple iOS & versions prior to 12.3 of iTunes allows remote attackers to execute arbitrary code or cause a memory corruption. Please review CVE-2015-5874 for more information.
“Bulletin (CVE-2015-5874 ).” US-CERT. Department of Homeland Security, 18 Sept. 2015. Web. 24 Sept. 2015. <https://www.us-cert.gov/ncas/bulletins/SB15-264>.