Remote Code Execution in Yandex Browser for iOS
CVE-2016-8507

6.5 MEDIUM

Key Information:

Vendor
CVE Published: 1 March 2017

What is CVE-2016-8507?

Yandex Browser for iOS prior to version 16.10.0.2357 does not adequately restrict the handling of facetime:// URLs. This weakness potentially enables remote attackers to initiate a FaceTime call without user consent, allowing them to capture audio and video from the device. Users are advised to update their browsers to the latest version to mitigate this security risk.

Affected Version(s)

Yandex Browser for iOS before 16.10.0.2357

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
