Unrated severityNVD Advisory· Published Apr 10, 2015· Updated May 6, 2026

CVE-2015-1123

Description

WebKit, as used in Apple iOS before 8.3 and Apple TV before 7.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-3 and APPLE-SA-2015-04-08-4.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory corruption issue in WebKit allows remote attackers to execute arbitrary code via a crafted website on iOS before 8.3 and Apple TV before 7.2.

Vulnerability

A memory corruption vulnerability exists in WebKit, the browser engine used by Safari and other applications on Apple iOS before 8.3 and Apple TV before 7.2 [1][2]. The issue can be triggered when processing maliciously crafted web content, leading to a memory corruption condition. The affected versions are iOS 8.2 and earlier, and Apple TV 7.1 and earlier.

Exploitation

An attacker can exploit this vulnerability by enticing a user to visit a specially crafted website. No authentication or special privileges are required beyond standard web browsing. The attacker must host the malicious site and rely on the user accessing it through Safari or any application that uses WebKit.

Impact

Successful exploitation allows a remote attacker to execute arbitrary code on the target device with the privileges of the WebKit process. This could lead to complete compromise of the device, including data theft, installation of malware, or denial of service via application crash [1][2].

Mitigation

Apple has addressed this vulnerability in iOS 8.3 and Apple TV 7.2, both released on April 8, 2015 [1][2]. Users should update their devices to the latest available software versions. No workarounds are available for unpatched systems.

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <=8.2
Apple Inc./tvOS
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Range: <=7.1
Apple Inc./Webkitllm-fuzzy
Apple Inc./TVllm-fuzzy
Range: <7.2
Apple Inc./iOSllm-fuzzy
Range: <8.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2015/Apr/msg00002.htmlnvdVendor Advisory
lists.apple.com/archives/security-announce/2015/Apr/msg00003.htmlnvdVendor Advisory
support.apple.com/HT204661nvdVendor Advisory
support.apple.com/HT204662nvdVendor Advisory
www.securitytracker.com/id/1032050nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000