Unrated severityNVD Advisory· Published Aug 16, 2015· Updated May 6, 2026

CVE-2015-3742

Description

WebKit memory corruption in Apple iOS and Safari allows remote code execution or denial of service via crafted website.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

WebKit memory corruption in Apple iOS and Safari allows remote code execution or denial of service via crafted website.

Vulnerability

A memory corruption vulnerability exists in WebKit, the rendering engine used by Apple’s Safari browser and iOS. The flaw can be triggered when processing a maliciously crafted website. Affected versions include Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8 [1][2].

Exploitation

An attacker can exploit this vulnerability by luring a user to visit a specially crafted web page. No additional privileges or user interaction beyond visiting the page is required. The attacker needs to host the malicious site or inject the content into a trusted site.

Impact

Successful exploitation can lead to arbitrary code execution in the context of the application (WebKit) or cause a denial of service due to memory corruption and application crash. This could potentially allow the attacker to take control of the affected device or browser.

Mitigation

Apple addressed this vulnerability in iOS 8.4.1 (released August 13, 2015) and Safari 8.0.8, 7.1.8, and 6.2.8 (released August 13, 2015) [1][2]. Users should update to the latest versions. No workarounds are available.

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./iTunes
cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*
Range: <=12.2
Apple Inc./Safari2 versions
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*range: >=6.0,<6.2.8
- (no CPE)range: <6.2.8 (6.x); <7.1.8 (7.x); <8.0.8 (8.x)
Apple Inc./Iphone OS
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <8.4.1
Apple Inc./Webkitllm-fuzzy
Apple Inc./iOSllm-fuzzy
Range: <8.4.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2015/Sep/msg00003.htmlnvdMailing ListPatchVendor Advisory
lists.apple.com/archives/security-announce/2015/Aug/msg00000.htmlnvdMailing ListVendor Advisory
lists.apple.com/archives/security-announce/2015/Aug/msg00002.htmlnvdMailing ListVendor Advisory
lists.opensuse.org/opensuse-updates/2016-03/msg00054.htmlnvdMailing ListThird Party Advisory
www.securityfocus.com/bid/76338nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1033274nvdThird Party AdvisoryVDB Entry
support.apple.com/HT205221nvdVendor Advisory
support.apple.com/kb/HT205030nvdVendor Advisory
support.apple.com/kb/HT205033nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000