Published: 14/03/2014 Updated: 07/01/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

TelephonyUI Framework in Apple iOS 7 prior to 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote malicious users to obtain telephone number or e-mail address information via a facetime-audio: URL.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple iphone_os
apple iphone_os 7.0.2
apple iphone_os 7.0.3
apple iphone_os 7.0
apple iphone_os 7.0.1
apple iphone_os 7.0.4
apple iphone_os 7.0.5

source: wwwsecurityfocuscom/bid/66108/info Apple iOS is affected by a security-bypass vulnerability Successfully exploiting this issue may allow an attacker to bypass certain security warnings This may aid in further attacks These issues affect Apple iOS versions prior to 71 <iframe src="facetime-audio://user () host com">&l ...

Facetime allows video calls for iOS Facetime-Audio, added in iOS 7, allows audio only calls The audio version uses a vulnerable URL scheme which is not used by Facetime Video The URL Scheme used for Facetime-Audio allows a website to establish a Facetime-audio call to the attacker's account, revealing the phone number or email address of the use ...

CWE-264 http://seclists.org/bugtraq/2014/Mar/63 http://support.apple.com/kb/HT6162 http://seclists.org/fulldisclosure/2014/Mar/92 http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html http://www.securityfocus.com/bid/66108 http://support.apple.com/kb/HT6441 https://nvd.nist.gov https://www.exploit-db.com/exploits/39114/

CVE-2013-6835

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect