CVE-2015-3735
Description
A memory corruption vulnerability in WebKit allows remote code execution or denial of service via a crafted website, affecting Apple iOS before 8.4.1 and Safari before 6.2.8, 7.1.8, and 8.0.8.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A memory corruption vulnerability in WebKit allows remote code execution or denial of service via a crafted website, affecting Apple iOS before 8.4.1 and Safari before 6.2.8, 7.1.8, and 8.0.8.
Vulnerability
CVE-2015-3735 is a memory corruption issue in WebKit, the rendering engine used by Apple iOS and Safari. The vulnerability exists in versions of iOS prior to 8.4.1 and Safari prior to 6.2.8, 7.1.8, and 8.0.8. Processing a specially crafted website can trigger the corruption, leading to unexpected behavior [1][2].
Exploitation
An attacker can exploit this vulnerability by hosting a malicious website and enticing a user to visit it. No additional privileges or user interaction beyond browsing the site are required. The exact sequence of steps involves the attacker crafting web content that triggers the memory corruption when parsed by WebKit [1][2].
Impact
Successful exploitation allows an attacker to execute arbitrary code on the affected device or cause a denial of service (application crash). The code executes at the privilege level of the WebKit process, which can lead to full compromise of the browser or, on iOS, potentially the entire device [1][2].
Mitigation
Apple addressed this vulnerability in iOS 8.4.1 (released August 13, 2015) and Safari 6.2.8, 7.1.8, and 8.0.8 (also released August 13, 2015). Users should update to these versions or later. No workarounds are documented [1][2].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
6- cpe:2.3:a:apple:itunes:12.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*range: >=6.0,<6.2.8
- (no CPE)range: <6.2.8, <7.1.8, <8.0.8
- Range: <8.4.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- lists.apple.com/archives/security-announce/2015/Sep/msg00003.htmlnvdMailing ListPatchVendor Advisory
- lists.apple.com/archives/security-announce/2015/Aug/msg00000.htmlnvdMailing ListVendor Advisory
- lists.apple.com/archives/security-announce/2015/Aug/msg00002.htmlnvdMailing ListVendor Advisory
- www.securityfocus.com/bid/76338nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1033274nvdThird Party AdvisoryVDB Entry
- support.apple.com/HT205221nvdVendor Advisory
- support.apple.com/kb/HT205030nvdVendor Advisory
- support.apple.com/kb/HT205033nvdVendor Advisory
News mentions
0No linked articles in our index yet.