Unrated severityNVD Advisory· Published Sep 18, 2015· Updated May 6, 2026

CVE-2015-5825

Description

WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via crafted JavaScript code.

Affected products

Apple Inc./Safari
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
Range: <=8.0.8
Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <=8.4.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2015/Sep/msg00001.htmlnvdVendor Advisory
lists.apple.com/archives/security-announce/2015/Sep/msg00007.htmlnvdVendor Advisory
support.apple.com/HT205212nvdVendor Advisory
support.apple.com/HT205265nvdVendor Advisory
lists.opensuse.org/opensuse-updates/2016-03/msg00054.htmlnvd
www.securityfocus.com/bid/76766nvd
www.securitytracker.com/id/1033609nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000