CVE-2016-8507
MEDIUMYandex Browser for iOS <16.10.0.2357 - Info Disclosure
Title source: llmDescription
Yandex Browser for iOS before 16.10.0.2357 does not properly restrict processing of facetime:// URLs, which allows remote attackers to initiate facetime-call without user's approval and obtain video and audio data from a device via a crafted web site.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://yandex.com/blog/security-changelogs/fixed-in-version-16-10
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/96517
Scores
CVSS v3
6.5
EPSS
0.0152
EPSS Percentile
71.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (2)
yandex/yandex_browser
< 16.10.0.2357
Yandex N.V./Yandex Browser for iOS
before 16.10.0.2357 for iOS
Published
Mar 01, 2017
Tracked Since
Feb 18, 2026