Unrated severityNVD Advisory· Published Sep 18, 2015· Updated May 6, 2026

CVE-2015-5792

Description

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

WebKit memory corruption in Apple iOS before 9 and iTunes before 12.3 allows arbitrary code execution via a crafted web site.

Vulnerability

WebKit memory corruption vulnerability in Apple iOS before 9, iTunes before 12.3, and Safari on OS X. Remote attackers can trigger the bug via a crafted website. Affected versions: iOS <9, iTunes <12.3, Safari (as bundled in OS X) before the corresponding updates [1][2][3].

Exploitation

An attacker needs to host a malicious website and lure the victim to visit it. No authentication required. The bug is triggered during processing of the web content, leading to memory corruption.

Impact

Successful exploitation allows arbitrary code execution or denial of service (application crash). The attacker gains whatever privileges the affected application has (user context for Safari/iTunes, potentially higher on iOS? but not specified). Impacts: iOS devices, iTunes on Windows, and Safari on OS X.

Mitigation

Apple released iOS 9 on 2015-09-16, iTunes 12.3 on 2015-09-16, and Safari 9 (bundled with OS X updates) on the same date. Users should update to iOS 9, iTunes 12.3, or apply the Safari update. No workarounds known [1][2][3].

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./iTunes2 versions
cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*range: <=12.2
- (no CPE)range: <12.3
Apple Inc./Safari
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
Range: <=8.0.8
Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <=8.4.1
Apple Inc./Webkitllm-fuzzy
Apple Inc./iOSllm-fuzzy
Range: <9

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2015/Sep/msg00001.htmlnvdVendor Advisory
lists.apple.com/archives/security-announce/2015/Sep/msg00003.htmlnvdVendor Advisory
lists.apple.com/archives/security-announce/2015/Sep/msg00007.htmlnvdVendor Advisory
support.apple.com/HT205212nvdVendor Advisory
support.apple.com/HT205221nvdVendor Advisory
support.apple.com/HT205265nvdVendor Advisory
www.securityfocus.com/bid/76763nvd
www.securitytracker.com/id/1033609nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000