VYPR
← All advisories
Unrated severityNVD Advisory· Published Aug 16, 2015· Updated May 6, 2026

CVE-2015-3736

CVE-2015-3736

Description

Memory corruption in WebKit in Apple iOS and Safari allows arbitrary code execution via crafted website.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Memory corruption in WebKit in Apple iOS and Safari allows arbitrary code execution via crafted website.

Vulnerability

CVE-2015-3736 is a memory corruption vulnerability in WebKit, the rendering engine used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.1.8, and 8.0.8 [1][2]. The bug occurs during processing of crafted web content, leading to memory corruption.

Exploitation

An attacker can exploit this vulnerability by enticing a user to visit a maliciously crafted website. No additional privileges or user interaction beyond browsing is required [1][2].

Impact

Successful exploitation allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via memory corruption [1][2]. The impact is full system compromise on iOS or Safari on OS X.

Mitigation

Apple addressed the issue in iOS 8.4.1 and Safari 6.2.8, 7.1.8, 8.0.8, released August 13, 2015 [1][2]. Users should update to the latest versions. No workarounds are available.

References
  1. About the security content of iOS 8.4.1 - Apple Support
  2. About the security content of Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

6

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

8

News mentions

0

No linked articles in our index yet.