CVE-2015-3730

WebKit in Apple iTunes < 12.2 - Remote Code Execution via Crafted Web Site

Title source: llm
STIX 2.1

Description

WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.

References (9)

Core 9
Core References
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT205221
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1033274
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT205030
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html
Mailing List, Patch, Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html
Mailing List, Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/76338
Mailing List, Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT205033

Scores

EPSS 0.0260
EPSS Percentile 83.5%

Details

CWE
CWE-119
Status published
Products (3)
apple/iphone_os < 8.4.1
apple/itunes < 12.2
apple/safari 6.0 - 6.2.8
Published Aug 16, 2015
Tracked Since Feb 18, 2026