VYPR
← All advisories
Unrated severityNVD Advisory· Published Apr 10, 2015· Updated May 6, 2026

CVE-2015-1124

CVE-2015-1124

Description

WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

WebKit memory corruption vulnerability allows arbitrary code execution via crafted website, affecting Apple iOS <8.3, Apple TV <7.2, Safari <6.2.5/7.1.5/8.0.5.

Vulnerability

A memory corruption vulnerability exists in WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 [1][2][3]. The bug is triggered when processing a crafted website, leading to memory corruption, which may result in arbitrary code execution or a denial of service (application crash).

Exploitation

An attacker can exploit this vulnerability by hosting a malicious website. The victim must visit the site using an affected browser. No authentication or special network position is required. The exact exploitation steps are not publicly detailed, but the vulnerability is remotely triggerable via web content.

Impact

Successful exploitation allows the attacker to execute arbitrary code with the privileges of the user running the browser, potentially leading to a full system compromise. Alternatively, exploitation may cause a denial of service due to memory corruption and application crash.

Mitigation

Apple released fixes in iOS 8.3, Apple TV 7.2, and Safari 6.2.5, 7.1.5, and 8.0.5 [1][2][3]. Users should update to the latest versions. No workaround is available if the patches are not applied.

References
  1. About the security content of iOS 8.3 - Apple Support
  2. About the security content of Apple TV 7.2 - Apple Support
  3. About the security content of Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

24
  • Apple Inc./iTunes
    cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*
    Range: <=12.1
  • Apple Inc./Safari19 versions
    cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*+ 18 more
    • cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*range: <=6.2.4
    • cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:8.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:8.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:8.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:8.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:8.0.4:*:*:*:*:*:*:*
    • (no CPE)range: before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5
  • Apple Inc./Iphone Os
    cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
    Range: <=8.2
  • Apple Inc./tvOS
    cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
    Range: <=7.1
  • Apple Inc./Webkitllm-fuzzy
  • Apple Inc./iOSllm-fuzzy
    Range: before 8.3

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

10

News mentions

0

No linked articles in our index yet.