CVE-2015-3749

iTunes < 12.2 - Remote Code Execution via Memory Corruption

Title source: manual
STIX 2.1

Description

WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.

References (10)

Core 10
Core References
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT205221
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1033274
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT205030
Mailing List, Patch, Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html
Mailing List, Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/76338
Mailing List, Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT205033
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2937-1

Scores

EPSS 0.0267
EPSS Percentile 84.0%

Details

CWE
CWE-119
Status published
Products (5)
apple/iphone_os < 8.4.1
apple/itunes < 12.2
apple/safari 6.0 - 6.2.8
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 15.10
Published Aug 16, 2015
Tracked Since Feb 18, 2026