VYPR
← All advisories
Unrated severityNVD Advisory· Published Apr 10, 2015· Updated May 6, 2026

CVE-2015-1119

CVE-2015-1119

Description

WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A WebKit memory corruption vulnerability in Apple iOS, TV, and Safari allows arbitrary code execution via a crafted website.

Vulnerability

CVE-2015-1119 is a memory corruption vulnerability in WebKit, affecting Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.1.5, and 8.0.5 [1][2][3]. The issue exists in WebKit's handling of crafted web content, leading to memory corruption that can be exploited remotely.

Exploitation

An attacker can exploit this vulnerability by hosting a specially crafted web site and luring a user to visit it. No additional authentication or user interaction beyond visiting the site is required. The crafted content triggers memory corruption in WebKit, which may lead to arbitrary code execution or a denial of service.

Impact

Successful exploitation allows an attacker to execute arbitrary code on the affected device, potentially gaining full control of the system, or to cause a denial of service through application crash. The impact is consistent with remote code execution at the privilege level of the WebKit process.

Mitigation

Apple addressed this vulnerability in iOS 8.3, Apple TV 7.2, and Safari 6.2.5/7.1.5/8.0.5, released on April 8, 2015 [1][2][3]. Users should update to the latest available versions. No workarounds are documented.

References
  1. About the security content of iOS 8.3 - Apple Support
  2. About the security content of Apple TV 7.2 - Apple Support
  3. About the security content of Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

24
  • Apple Inc./iTunes
    cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*
    Range: <=12.1
  • Apple Inc./Safari19 versions
    cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*+ 18 more
    • cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*range: <=6.2.4
    • cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:8.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:8.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:8.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:8.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:8.0.4:*:*:*:*:*:*:*
    • (no CPE)range: <6.2.5, >=7.0 <7.1.5, >=8.0 <8.0.5
  • Apple Inc./Iphone Os
    cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
    Range: <=8.2
  • Apple Inc./tvOS
    cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
    Range: <=7.1
  • Apple Inc./TVllm-fuzzy
    Range: <7.2
  • Apple Inc./iOSllm-fuzzy
    Range: <8.3

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

10

News mentions

0

No linked articles in our index yet.