CVE-2013-6835
published 2014-03-14CVE-2013-6835: TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote…
PriorityP429medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
6.79%
93.2th percentile
TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail address information via a facetime-audio: URL.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | iphone_os | <= 7.0.6 | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Apple iOS up to 7.1.2 Data Detectors access control (HT6441 / EDB-39114)
vuldb·2026-05-08·CVSS 5.0
CVE-2013-6835 [MEDIUM] Apple iOS up to 7.1.2 Data Detectors access control (HT6441 / EDB-39114)
A vulnerability categorized as critical has been discovered in Apple iOS up to 7.1.2. Affected is an unknown function of the component Data Detectors. The manipulation results in improper access controls.
This vulnerability is reported as CVE-2013-6835. The attack can be launched remotely. Moreover, an exploit is present.
It is advisable to upgrade the affected component.
VulDB
Apple iOS up to 7.1 Facetime Audio-Only URL access control (EDB-39114 / XFDB-91748)
vuldb·2026-05-08·CVSS 5.0
CVE-2013-6835 [MEDIUM] Apple iOS up to 7.1 Facetime Audio-Only URL access control (EDB-39114 / XFDB-91748)
A vulnerability classified as critical has been found in Apple iOS up to 7.1. This issue affects some unknown processing of the component Facetime Audio-Only URL Handler. The manipulation leads to improper access controls.
This vulnerability is traded as CVE-2013-6835. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
GHSA
GHSA-27gv-hmxx-3r2x: TelephonyUI Framework in Apple iOS 7 before 7
ghsa_unreviewed·2022-05-17
CVE-2013-6835 [MEDIUM] GHSA-27gv-hmxx-3r2x: TelephonyUI Framework in Apple iOS 7 before 7
TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail address information via a facetime-audio: URL.
No detection rules found.
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.htmlhttp://seclists.org/bugtraq/2014/Mar/63http://seclists.org/fulldisclosure/2014/Mar/92http://support.apple.com/kb/HT6162http://support.apple.com/kb/HT6441http://www.securityfocus.com/bid/66108http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.htmlhttp://seclists.org/bugtraq/2014/Mar/63http://seclists.org/fulldisclosure/2014/Mar/92http://support.apple.com/kb/HT6162http://support.apple.com/kb/HT6441http://www.securityfocus.com/bid/66108
2014-03-14
Published