CVE-2013-6835

Published: Mar 14, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail address information via a facetime-audio: URL.

Affected (7)

Products: Apple: Iphone Os

1 product

Configuration A

7 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Apple Iphone Os	Up to 7.0.6
Apple Iphone Os	Version 7.0.1
Apple Iphone Os	Version 7.0.2
Apple Iphone Os	Version 7.0.3
Apple Iphone Os	Version 7.0.4
Apple Iphone Os	Version 7.0.5
Apple Iphone Os	Version 7.0

Running on/with	Platform Versions
Apple Safari	All versions

Related CWEs

References (12)

http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html

Source: cve@mitre.org

http://seclists.org/bugtraq/2014/Mar/63

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2014/Mar/92

Source: cve@mitre.org

http://support.apple.com/kb/HT6162

Source: cve@mitre.org

Vendor Advisory

http://support.apple.com/kb/HT6441

Source: cve@mitre.org

http://www.securityfocus.com/bid/66108

Source: cve@mitre.org

http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/bugtraq/2014/Mar/63

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2014/Mar/92

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT6162

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://support.apple.com/kb/HT6441

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/66108

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.