Vulnerability CVE-2013-6835
Published: 2014-03-14   Modified: 2014-03-18

Description:
TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail address information via a facetime-audio: URL.

See advisories in our WLB2 database:
Topic
Author
Date
Low
Apple Facetime Information Disclosure
Guillaume
12.03.2014

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Apple -> Iphone os 

 References:
http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html
http://seclists.org/bugtraq/2014/Mar/63
http://seclists.org/fulldisclosure/2014/Mar/92
http://support.apple.com/kb/HT6162
http://support.apple.com/kb/HT6441
http://www.securityfocus.com/bid/66108
Copyright 2024, cxsecurity.com

 

Back to Top