First published: Sun Aug 16 2015(Updated: )
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
Credit: product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple iTunes for Windows | <=12.2 | |
Apple Mobile Safari | >=6.0<6.2.8 | |
Apple Mobile Safari | >=7.0<7.1.8 | |
Apple Mobile Safari | >=8.0<8.0.8 | |
iStyle @cosme iPhone OS | <8.4.1 | |
Ubuntu | =14.04 | |
Ubuntu | =15.10 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2015-3748 has a high severity level, as it allows remote attackers to execute arbitrary code or cause a denial of service.
To fix CVE-2015-3748, update your affected Apple iOS, Safari, or iTunes software to the latest version.
CVE-2015-3748 affects Apple iOS versions prior to 8.4.1, Safari versions prior to 6.2.8, and iTunes versions prior to 12.2.
Yes, CVE-2015-3748 can potentially lead to data loss due to memory corruption and applications crashing.
CVE-2015-3748 is a different vulnerability from other WebKit CVEs, specifically affecting Apple products.