CVE-2015-3737
Description
A memory corruption vulnerability in WebKit allows remote code execution via a crafted website, patched in iOS 8.4.1 and Safari 6.2.8/7.1.8/8.0.8.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A memory corruption vulnerability in WebKit allows remote code execution via a crafted website, patched in iOS 8.4.1 and Safari 6.2.8/7.1.8/8.0.8.
Vulnerability
CVE-2015-3737 is a memory corruption vulnerability in WebKit, the rendering engine used by Apple's Safari browser and iOS. The issue affects iOS versions before 8.4.1 and Safari versions before 6.2.8 on OS X Mountain Lion, before 7.1.8 on OS X Mavericks, and before 8.0.8 on OS X Yosemite [1][2]. The vulnerability is triggered when processing maliciously crafted web content, leading to memory corruption.
Exploitation
An attacker can exploit this vulnerability by luring a victim to visit a specially crafted website. No additional privileges or user interaction beyond normal browsing is required. The attacker does not need to be on the same network; the website can be hosted remotely.
Impact
Successful exploitation can lead to arbitrary code execution with the privileges of the Safari or WebKit process. Alternatively, it may cause a denial of service due to application crash. The impact is device-wide for iOS or user-level for OS X.
Mitigation
Apple addressed this vulnerability in iOS 8.4.1 released on August 13, 2015 [1], and in Safari 6.2.8, 7.1.8, and 8.0.8 released on the same date [2]. Users are advised to update to the latest versions. No workarounds are available.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
6cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*range: >=6.0,<6.2.8
- (no CPE)range: <6.2.8, <7.1.8, <8.0.8
- Range: <8.4.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- lists.apple.com/archives/security-announce/2015/Sep/msg00003.htmlnvdMailing ListPatchVendor Advisory
- lists.apple.com/archives/security-announce/2015/Aug/msg00000.htmlnvdMailing ListVendor Advisory
- lists.apple.com/archives/security-announce/2015/Aug/msg00002.htmlnvdMailing ListVendor Advisory
- www.securityfocus.com/bid/76338nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1033274nvdThird Party AdvisoryVDB Entry
- support.apple.com/HT205221nvdVendor Advisory
- support.apple.com/kb/HT205030nvdVendor Advisory
- support.apple.com/kb/HT205033nvdVendor Advisory
News mentions
0No linked articles in our index yet.