Heap-based buffer overflow in the DNS client library in configd in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code via a crafted app that sends a spoofed configd response to a client.
Apple Security Advisory 2015-10-21-2 - watchOS 2.0.1 is now available and addresses arbitrary code execution, heap buffer overflow, and various other vulnerabilities.