CVE-2015-5797
Description
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Memory corruption in WebKit via crafted site allows arbitrary code execution on unpatched iOS 9, iTunes 12.2, or Safari.
Vulnerability
A memory corruption vulnerability exists in WebKit, as used in Apple iOS before 9 and iTunes before 12.3, that allows arbitrary code execution or denial of service via a crafted website. The issue is a different vulnerability than other WebKit CVEs addressed in the same advisories [1][2][3].
Exploitation
An attacker can exploit the vulnerability by luring a user to a maliciously crafted website. No user interaction beyond browsing to the site is required; the attacker does not need any privileged network position or authentication [1][2].
Impact
Successful exploitation of the memory corruption leads to arbitrary code execution within the context of the application (Safari, Mail, or iTunes). The attacker may also trigger a denial of service via application crash. The impact is the full compromise of the affected software's process integrity [1][2][3].
Mitigation
Apple fixed this issue in iOS 9 (released September 16, 2015) and iTunes 12.3. Users should update to the latest versions. No workarounds are available; the mitigation is to apply the patches [1][2][3].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Range: <12.3
- Range: <9
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- lists.apple.com/archives/security-announce/2015/Sep/msg00001.htmlnvdVendor Advisory
- lists.apple.com/archives/security-announce/2015/Sep/msg00003.htmlnvdVendor Advisory
- lists.apple.com/archives/security-announce/2015/Sep/msg00007.htmlnvdVendor Advisory
- support.apple.com/HT205212nvdVendor Advisory
- support.apple.com/HT205221nvdVendor Advisory
- support.apple.com/HT205265nvdVendor Advisory
- www.securityfocus.com/bid/76763nvd
- www.securitytracker.com/id/1033609nvd
News mentions
0No linked articles in our index yet.