CVE-2015-1119
First published: Fri Apr 10 2015(Updated: )
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.
Credit: product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| iStyle @cosme iPhone OS | <=8.2 | |
| tvOS | <=7.1 | |
| Apple Mobile Safari | <=6.2.4 | |
| Apple Mobile Safari | =7.0 | |
| Apple Mobile Safari | =7.0.1 | |
| Apple Mobile Safari | =7.0.2 | |
| Apple Mobile Safari | =7.0.3 | |
| Apple Mobile Safari | =7.0.4 | |
| Apple Mobile Safari | =7.0.5 | |
| Apple Mobile Safari | =7.0.6 | |
| Apple Mobile Safari | =7.1.0 | |
| Apple Mobile Safari | =7.1.1 | |
| Apple Mobile Safari | =7.1.2 | |
| Apple Mobile Safari | =7.1.3 | |
| Apple Mobile Safari | =7.1.4 | |
| Apple Mobile Safari | =8.0.0 | |
| Apple Mobile Safari | =8.0.1 | |
| Apple Mobile Safari | =8.0.2 | |
| Apple Mobile Safari | =8.0.3 | |
| Apple Mobile Safari | =8.0.4 | |
| iTunes | <=12.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html
- http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html
- http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html
- http://www.securityfocus.com/bid/73972
- http://www.securitytracker.com/id/1032047
- https://support.apple.com/HT204658
- https://support.apple.com/HT204661
- https://support.apple.com/HT204662
- https://support.apple.com/kb/HT204949
Frequently Asked Questions
What is the severity of CVE-2015-1119?
CVE-2015-1119 is a high severity vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service due to memory corruption.
How do I fix CVE-2015-1119?
To mitigate CVE-2015-1119, update your affected devices to the latest versions of iOS, tvOS, or Safari as recommended by Apple.
Which software is affected by CVE-2015-1119?
CVE-2015-1119 affects Apple iOS versions before 8.3, tvOS versions before 7.2, and various versions of Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5.
What kind of attack does CVE-2015-1119 enable?
CVE-2015-1119 enables attackers to exploit the vulnerability via a crafted website, potentially leading to remote code execution or application crashes.
Was CVE-2015-1119 fixed by Apple?
Yes, Apple released updates addressing CVE-2015-1119 as part of their security updates in April 2015.
- agent/references
- agent/type
- agent/author
- agent/severity
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/apple
- canonical/istyle @cosme iphone os
- version/istyle @cosme iphone os/8.2
- canonical/tvos
- version/tvos/7.1
- canonical/apple mobile safari
- version/apple mobile safari/6.2.4
- version/apple mobile safari/7.0
- version/apple mobile safari/7.0.1
- version/apple mobile safari/7.0.2
- version/apple mobile safari/7.0.3
- version/apple mobile safari/7.0.4
- version/apple mobile safari/7.0.5
- version/apple mobile safari/7.0.6
- version/apple mobile safari/7.1.0
- version/apple mobile safari/7.1.1
- version/apple mobile safari/7.1.2
- version/apple mobile safari/7.1.3
- version/apple mobile safari/7.1.4
- version/apple mobile safari/8.0.0
- version/apple mobile safari/8.0.1
- version/apple mobile safari/8.0.2
- version/apple mobile safari/8.0.3
- version/apple mobile safari/8.0.4
- canonical/itunes
- version/itunes/12.1