VIR Vulnerability Intelligence Relay

CVE-2015-5822

medium
Published 2015-09-18 · Modified 2026-05-06
CVSS v3
CVSS v2
6.8
VIR risk
6.8

Description

WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: product-security@apple.com — https://support.apple.com/HT205265

vendor Authored 2026-05-27

Vendor advisory: product-security@apple.com — https://support.apple.com/HT205221

vendor Authored 2026-05-27

Vendor advisory: product-security@apple.com — https://support.apple.com/HT205212

vendor Authored 2026-05-27

Vendor advisory: product-security@apple.com — http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html

vendor Authored 2026-05-27

Vendor advisory: product-security@apple.com — http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html

vendor Authored 2026-05-27

Vendor advisory: product-security@apple.com — http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html

OS impact
OSVersionStatusFixed in
macos macosaffected

Application impact
VendorProductVersionsFixed
macos applesafari{"endIncluding":"8.0.8"}
macos appleitunes{"endIncluding":"12.2"}

References

CWEs

CWE-119

Verify integrity in audit chain (admin only). AS-IS.