CVE-2013-6835
iPhone OS < 7.1 - Unauthenticated Information Disclosure via FaceTime Audio URL
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2013-6835. PoCs published by Guillaume Ross.
AI-analyzed exploit summary This exploit leverages a security-bypass vulnerability in Apple iOS by using a crafted iframe with a 'facetime-audio://' URI to bypass security warnings. It affects iOS versions prior to 7.1.
Description
TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail address information via a facetime-audio: URL.
Exploits (1)
This exploit leverages a security-bypass vulnerability in Apple iOS by using a crafted iframe with a 'facetime-audio://' URI to bypass security warnings. It affects iOS versions prior to 7.1.