CVE-2015-3734
Description
Memory corruption in Apple iOS and Safari WebKit allows remote code execution via a crafted website; fixed in iOS 8.4.1 and Safari 6.2.8/7.1.8/8.0.8.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Memory corruption in Apple iOS and Safari WebKit allows remote code execution via a crafted website; fixed in iOS 8.4.1 and Safari 6.2.8/7.1.8/8.0.8.
Vulnerability
CVE-2015-3734 is a memory corruption vulnerability in the WebKit component used by Apple iOS versions prior to 8.4.1 and Safari versions prior to 6.2.8 (for OS X Mountain Lion v10.8.5 and later) and prior to 7.1.8 and 8.0.8 (for OS X Mavericks v10.9.5 and Yosemite v10.10.4). The bug is reachable when a user visits a maliciously crafted webpage, triggering a memory corruption condition [1][2].
Exploitation
An attacker only needs to convince a user to visit a specially crafted website; no additional authentication or network position beyond standard web access is required. The vulnerability is triggered upon page load, leading to memory corruption and potential application crash [2].
Impact
Successful exploitation allows an attacker to cause a denial of service (application crash) or, more critically, execute arbitrary code on the targeted device in the context of the WebKit process. This can lead to full remote code execution (RCE) with the privileges of the user running Safari or the affected app using WebView [1][2].
Mitigation
Apple released fixes in iOS 8.4.1 on August 13, 2015 [1] and in Safari 6.2.8, 7.1.8, and 8.0.8 on the same date [2]. Users should update to these or later versions. No workaround is available; applying the security update is the only remediation.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
6cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*range: >=6.0,<6.2.8
- (no CPE)range: < 6.2.8, < 7.1.8, < 8.0.8
- Range: < 8.4.1 (iOS), < 6.2.8, < 7.1.8, < 8.0.8 (Safari)
- Range: < 8.4.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- lists.apple.com/archives/security-announce/2015/Sep/msg00003.htmlnvdMailing ListPatchVendor Advisory
- lists.apple.com/archives/security-announce/2015/Aug/msg00000.htmlnvdMailing ListVendor Advisory
- lists.apple.com/archives/security-announce/2015/Aug/msg00002.htmlnvdMailing ListVendor Advisory
- www.securityfocus.com/bid/76338nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1033274nvdThird Party AdvisoryVDB Entry
- support.apple.com/HT205221nvdVendor Advisory
- support.apple.com/kb/HT205030nvdVendor Advisory
- support.apple.com/kb/HT205033nvdVendor Advisory
News mentions
0No linked articles in our index yet.