Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-6835 — Apple Iphone OS vulnerability

CWE-2643 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

19.5%

top 4.59%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apple Iphone OS

Timeline

PublishedMar 14

Latest updateMay 17

Description

TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail address information via a facetime-audio: URL.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDapple/iphone_os7.0.6+6

🔴Vulnerability Details

GHSA

GHSA-27gv-hmxx-3r2x: TelephonyUI Framework in Apple iOS 7 before 7↗2022-05-17

▶

💥Exploits & PoCs

Exploit-DB

Apple iOS 4.2.1 - 'facetime-audio://' Security Bypass↗2014-03-10

▶