CVE-2013-6835

EPSS 6.8%

TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail address information via a facetime-audio: URL.

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/39114unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html http://seclists.org/bugtraq/2014/Mar/63 http://seclists.org/fulldisclosure/2014/Mar/92 http://support.apple.com/kb/HT6162 http://support.apple.com/kb/HT6441 http://www.securityfocus.com/bid/66108