Public CVE-2015-5856 disclosure

Mail in Apple iOS before 9 allows remote attackers to use an address-book contact as a spoofed e-mail sender address via unspecified vectors.