VYPR
Unrated severity · NVD Advisory · Published Apr 10, 2015 · Updated May 6, 2026

CVE-2015-1125

Description

The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource via a crafted web site.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A touch-event handling flaw in WebKit on iOS before 8.3 allows remote attackers to redirect taps to unintended web resources via a crafted site.

Vulnerability

The touch-events implementation in WebKit on Apple iOS versions prior to 8.3 contains a flaw that allows a crafted website to cause a tap to be associated with an unintended web resource. This affects all devices running iOS 8.2 and earlier [1].

Exploitation

An attacker must host a malicious website and convince the user to visit it. No authentication or special privileges are required. When the user taps on the page, the touch event may be misdirected to a different resource than the one visually indicated, potentially leading to unintended actions.

Impact

Successful exploitation allows the attacker to trigger an association between a user's tap and an unintended web resource. This could result in the user unknowingly clicking on malicious links, ads, or buttons, potentially leading to information disclosure or unwanted actions within the browser context.

Mitigation

Apple addressed this issue in iOS 8.3, released on April 8, 2015 [1]. Users should update to iOS 8.3 or later. No workarounds are available for unpatched versions. This CVE is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2


References: 3
