Unrated severityNVD Advisory· Published Aug 16, 2015· Updated May 6, 2026

CVE-2015-3733

Description

WebKit memory corruption in Apple iOS before 8.4.1 and Safari before 6.2.8/7.1.8/8.0.8 allows remote code execution via a crafted website.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

WebKit memory corruption in Apple iOS before 8.4.1 and Safari before 6.2.8/7.1.8/8.0.8 allows remote code execution via a crafted website.

Vulnerability

A memory corruption vulnerability exists in WebKit as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.1.8, and 8.0.8 [1][2]. The issue is triggered when processing maliciously crafted web content, leading to memory corruption [1][2].

Exploitation

An attacker can host a crafted website that, when visited by a user, exploits the memory corruption [1][2]. No authentication or special network position is required beyond the ability to serve a web page; the user only needs to visit the malicious site [2].

Impact

Successful exploitation allows arbitrary code execution on the affected device or a denial of service (application crash) [1][2]. The attacker gains the same privileges as the user running the browser or the Safari application [1][2].

Mitigation

Apple released iOS 8.4.1 and Safari 6.2.8, 7.1.8, and 8.0.8 on August 13, 2015, which address this vulnerability [1][2]. Users should update to these versions. No workarounds are documented, and there is no known CISA KEV listing for this CVE [1][2].

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./iTunes
cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*
Range: <=12.2
Apple Inc./Safari2 versions
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*range: >=6.0,<6.2.8
- (no CPE)range: <6.2.8, <7.1.8 (7.x), <8.0.8 (8.x)
Apple Inc./Iphone OS
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <8.4.1
Apple Inc./Webkitllm-fuzzy
Apple Inc./iOSllm-fuzzy
Range: <8.4.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2015/Sep/msg00003.htmlnvdMailing ListPatchVendor Advisory
lists.apple.com/archives/security-announce/2015/Aug/msg00000.htmlnvdMailing ListVendor Advisory
lists.apple.com/archives/security-announce/2015/Aug/msg00002.htmlnvdMailing ListVendor Advisory
www.securityfocus.com/bid/76338nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1033274nvdThird Party AdvisoryVDB Entry
support.apple.com/HT205221nvdVendor Advisory
support.apple.com/kb/HT205030nvdVendor Advisory
support.apple.com/kb/HT205033nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000