VYPR
← All advisories
Unrated severityNVD Advisory· Published Sep 18, 2015· Updated May 6, 2026

CVE-2015-5789

CVE-2015-5789

Description

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory corruption vulnerability in WebKit allows remote attackers to execute arbitrary code or cause a denial of service via a crafted website, affecting Apple iOS before 9 and iTunes before 12.3.

Vulnerability

A memory corruption vulnerability exists in WebKit, the rendering engine used in Apple iOS before version 9 and iTunes before version 12.3 [1][3]. The issue can be triggered by visiting a crafted website, leading to memory corruption and application crash. The vulnerability is distinct from other WebKit CVEs addressed in the same security updates.

Exploitation

An attacker can exploit this vulnerability by hosting a malicious website and enticing a user to visit it. No additional authentication or user interaction beyond visiting the site is required. The crafted content triggers memory corruption in WebKit's processing, potentially allowing arbitrary code execution.

Impact

Successful exploitation could allow a remote attacker to execute arbitrary code on the affected device or cause a denial of service (application crash). The attacker gains the ability to run code within the context of the WebKit process, which may lead to further compromise of the system.

Mitigation

Apple addressed this vulnerability in iOS 9 and iTunes 12.3, released on September 16, 2015 [1][3]. Users should update to these versions or later. No workarounds are documented. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.

References
  1. About the security content of iOS 9 - Apple Support
  2. About the security content of iTunes 12.3 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

5
  • Apple Inc./iTunes2 versions
    cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*range: <=12.2
    • (no CPE)range: <12.3
  • Apple Inc./Safari
    cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
    Range: <=8.0.8
  • Apple Inc./Iphone Os
    cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
    Range: <=8.4.1
  • Apple Inc./iOSllm-fuzzy
    Range: <9

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

8

News mentions

0

No linked articles in our index yet.