VYPR
← All advisories
Unrated severityNVD Advisory· Published Sep 18, 2015· Updated May 6, 2026

CVE-2015-5793

CVE-2015-5793

Description

WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

WebKit memory corruption in Apple iOS before 9 and iTunes before 12.3 allows remote code execution via crafted website.

Vulnerability

WebKit, specifically the JavaScriptCore component, contains a memory corruption vulnerability in Apple iOS versions prior to 9 and iTunes versions prior to 12.3. A remote attacker can trigger this issue by luring a user to a crafted website, leading to memory corruption and application crash. [1][3]

Exploitation

An attacker needs only to host a malicious website and convince a user to visit it. No authentication or special network position is required. The crafted web content causes memory corruption in WebKit's processing, potentially leading to arbitrary code execution.

Impact

Successful exploitation allows the attacker to execute arbitrary code on the affected device or cause a denial of service via application crash. The code runs in the context of the WebKit process, which may have access to user data.

Mitigation

Apple addressed this vulnerability in iOS 9 and iTunes 12.3, released on September 16, 2015. Users should update to these versions or later. No workarounds are documented. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.

References
  1. About the security content of iOS 9 - Apple Support
  2. About the security content of iTunes 12.3 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

5
  • Apple Inc./iTunes2 versions
    cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*range: <=12.2
    • (no CPE)range: <12.3
  • Apple Inc./Safari
    cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
    Range: <=8.0.8
  • Apple Inc./Iphone Os
    cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
    Range: <=8.4.1
  • Apple Inc./iOSllm-fuzzy
    Range: <9

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

8

News mentions

0

No linked articles in our index yet.