VYPR
← All advisories
Unrated severityNVD Advisory· Published Sep 18, 2015· Updated May 6, 2026

CVE-2015-5823

CVE-2015-5823

Description

WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

WebKit memory corruption in iOS before 9 and iTunes before 12.3 allows remote arbitrary code execution or denial of service via crafted website.

Vulnerability

A memory corruption vulnerability exists in WebKit's JavaScriptCore component, as used in Apple iOS prior to 9 and iTunes prior to 12.3 [1][3]. The flaw can be triggered when processing maliciously crafted web content, leading to memory corruption and application instability.

Exploitation

An attacker can exploit this vulnerability by hosting a crafted website and enticing a user to visit it. No authentication or special network position is required; the user simply needs to browse to the malicious site using a vulnerable version of Safari (on iOS) or the embedded WebView in iTunes.

Impact

Successful exploitation allows an attacker to execute arbitrary code in the context of the affected application or cause a denial of service (application crash). Depending on the application's privileges, this could lead to full system compromise.

Mitigation

Apple addressed this vulnerability in iOS 9 (released September 16, 2015) and iTunes 12.3 (released the same day) [1][3]. Users should update to the latest versions to mitigate the risk. No workarounds are documented.

References
  1. About the security content of iOS 9 - Apple Support
  2. About the security content of iTunes 12.3 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

5
  • Apple Inc./iTunes2 versions
    cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*range: <=12.2
    • (no CPE)range: <12.3
  • Apple Inc./Safari
    cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
    Range: <=8.0.8
  • Apple Inc./Iphone Os
    cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
    Range: <=8.4.1
  • Apple Inc./iOSllm-fuzzy
    Range: <9

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

8

News mentions

0

No linked articles in our index yet.