MEDIUM 6.5
CVE-2016-8507
Yandex Browser for iOS before 16.10.0.2357 does not properly restrict processing of facetime:// URLs, which allows remote attackers to initiate facetime-call without user's approval and obtain video and audio data from a device via a crafted web site.
CVSS v3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Configurations CPE vulnérables
| Vendor | Produit | Plateforme | Versions | CPE 2.3 URI |
|---|---|---|---|---|
| yandex | yandex_browser | iOS | <16.10.0.2357 | cpe:2.3:a:yandex:yandex_browser:*:*:*:*:*:iphone_os:*:* |