CVE-2015-3730
Description
A memory corruption vulnerability in WebKit allows remote attackers to execute arbitrary code or cause a denial of service via a crafted website, affecting Apple iOS and Safari before specific versions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A memory corruption vulnerability in WebKit allows remote attackers to execute arbitrary code or cause a denial of service via a crafted website, affecting Apple iOS and Safari before specific versions.
Vulnerability
A memory corruption vulnerability exists in WebKit, the rendering engine used by Apple iOS (before 8.4.1) and Safari (before 6.2.8, 7.1.8, and 8.0.8). The issue occurs when processing maliciously crafted web content, leading to unstable memory handling. This is one of several WebKit CVEs addressed in APPLE-SA-2015-08-13-1 [1] and APPLE-SA-2015-08-13-3 [2].
Exploitation
An attacker can exploit this vulnerability by hosting a crafted website and enticing a user to visit it using a vulnerable version of Safari or iOS WebKit. No additional authentication or local access is required; the attack is purely remote and relies on user interaction (visiting the malicious site).
Impact
Successful exploitation can lead to arbitrary code execution in the context of the WebKit process, potentially allowing the attacker to take control of the affected device. Alternatively, it may cause a denial of service via application crash due to memory corruption [1][2].
Mitigation
Apple addressed the vulnerability in iOS 8.4.1 for iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later, and in Safari 8.0.8 (OS X Yosemite), Safari 7.1.8 (OS X Mavericks), and Safari 6.2.8 (OS X Mountain Lion) [1][2]. Users should update to the latest available versions. No workarounds are documented. The issue is not listed in CISA's Known Exploited Vulnerabilities catalog.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
5cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*range: >=6.0,<6.2.8
- (no CPE)range: <6.2.8, >=7.0 <7.1.8, >=8.0 <8.0.8
- Range: <8.4.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- lists.apple.com/archives/security-announce/2015/Sep/msg00003.htmlnvdMailing ListPatchVendor Advisory
- lists.apple.com/archives/security-announce/2015/Aug/msg00000.htmlnvdMailing ListVendor Advisory
- lists.apple.com/archives/security-announce/2015/Aug/msg00002.htmlnvdMailing ListVendor Advisory
- lists.opensuse.org/opensuse-updates/2016-03/msg00054.htmlnvdMailing ListThird Party Advisory
- www.securityfocus.com/bid/76338nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1033274nvdThird Party AdvisoryVDB Entry
- support.apple.com/HT205221nvdVendor Advisory
- support.apple.com/kb/HT205030nvdVendor Advisory
- support.apple.com/kb/HT205033nvdVendor Advisory
News mentions
0No linked articles in our index yet.