CVE-2015-3746
Description
A memory corruption vulnerability in WebKit allows remote attackers to execute arbitrary code or cause denial of service via a crafted website, affecting Apple iOS and Safari before certain versions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, contains a memory corruption issue that can be triggered by processing maliciously crafted web content. This is a different vulnerability than other WebKit CVEs listed in the Apple security updates [1][2].
Exploitation
An attacker can exploit this vulnerability by hosting a crafted website that, when visited by a user, triggers memory corruption in WebKit. No special authentication or network position beyond delivering the web content is required; the victim only needs to load the malicious page in Safari or any application using WebKit on affected iOS versions.
Impact
Successful exploitation allows remote attackers to execute arbitrary code or cause a denial of service (application crash). The precise impact depends on the memory corruption; arbitrary code execution could give the attacker the same privileges as the user running the affected application.
Mitigation
Apple addressed this issue in iOS 8.4.1 [1] and Safari 8.0.8, 7.1.8, and 6.2.8 [2]. Users should update to the latest versions. As of the publication date (August 2015), these updates were available. No workarounds are documented.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* (range: >=6.0,<6.2.8)
- (no CPE) (range: <6.2.8, <7.1.8, <8.0.8)
- Range: <8.4.1
Patches
No patches discovered yet.
References
- lists.apple.com/archives/security-announce/2015/Sep/msg00003.html [nvd] Mailing List, Patch, Vendor Advisory
- lists.apple.com/archives/security-announce/2015/Aug/msg00000.html [nvd] Mailing List, Vendor Advisory
- lists.apple.com/archives/security-announce/2015/Aug/msg00002.html [nvd] Mailing List, Vendor Advisory
- lists.opensuse.org/opensuse-updates/2016-03/msg00054.html [nvd] Mailing List, Third Party Advisory
- www.securityfocus.com/bid/76338 [nvd] Third Party Advisory, VDB Entry
- www.securitytracker.com/id/1033274 [nvd] Third Party Advisory, VDB Entry
- support.apple.com/HT205221 [nvd] Vendor Advisory
- support.apple.com/kb/HT205030 [nvd] Vendor Advisory
- support.apple.com/kb/HT205033 [nvd] Vendor Advisory