CVE-2016-8507

Summary

Yandex Browser for iOS before 16.10.0.2357 does not properly restrict processing of facetime:// URLs, which allows remote attackers to initiate facetime-call without user's approval and obtain video and audio data from a device via a crafted web site.

Affected Software

VendorProductVersion RangeStatus
Yandex N.V.Yandex Browser for iOSbefore 16.10.0.2357 for iOSaffected

Weaknesses

  • Insecure pocessing of facetime URL schemes

ADP Enrichment

CVE Program Container

Additional References

References