CVE-2013-6835
Description
In iOS 7 before 7.1, Safari initiates FaceTime audio calls without user confirmation, exposing the user's phone number or email.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
In iOS 7 prior to version 7.1, the TelephonyUI Framework fails to prompt the user before initiating a FaceTime audio call via the facetime-audio:// URL scheme [2][3]. This affects Safari, which automatically processes the URL without any confirmation dialog.
Exploitation
An attacker can embed an `<iframe>` whose `src` is a `facetime-audio://` URL pointing to the attacker's phone number or email address [3][4]. When the victim visits the malicious page, Safari automatically initiates a FaceTime audio call to the attacker's device with no user interaction beyond loading the page.
Impact
The call attempt reveals the victim's phone number or email address (caller ID) to the attacker [3]. This is an information disclosure vulnerability that compromises the user's privacy. The attacker does not need to establish a full call; the outbound request alone leaks the user identity.
Mitigation
Apple fixed this issue in iOS 7.1, released on March 10, 2014 [2]. Users should update to iOS 7.1 or later. No workarounds are documented for earlier versions.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* (range: <=7.0.6)
- cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*
- Range: <7.1
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"The `facetime-audio://` URL scheme handler in Safari on iOS 7 before 7.1 initiates a FaceTime audio call without prompting the user for confirmation."
Attack vector
An attacker hosts a web page containing an inline iframe with `src="facetime-audio://user@host.com"` (or a direct malicious link). When a victim using iOS 7 before 7.1 browses to that page in Safari, the `facetime-audio://` URL scheme triggers a FaceTime audio call to the attacker's specified address without any user confirmation prompt [ref_id=1][ref_id=2]. The call itself reveals the victim's phone number or email address to the attacker, similar to a cross-app CSRF attack [ref_id=1][ref_id=2].
Affected code
The advisory does not specify exact function or file paths. The vulnerable component is the TelephonyUI Framework in iOS 7 before 7.1, specifically the handler for the `facetime-audio://` URL scheme in Safari [ref_id=1][ref_id=2].
What the fix does
Apple resolved the issue in iOS 7.1 by adding a user confirmation prompt before establishing a FaceTime audio call from a `facetime-audio://` URL [ref_id=1][ref_id=2]. No patch diff is available in the bundle; the advisory states the fix is described in Apple's security content for iOS 7.1 at http://support.apple.com/kb/HT6162 [ref_id=1][ref_id=2].
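The distinction that matters for the bug above is whether a `facetime-audio://` URL is reached by a user tap or loaded automatically by the page. As an added detection example (not code from Apple, the advisory, or this site), the Python scanner below walks an HTML document and flags call-scheme URLs in positions Safari would load without a gesture (iframe, frame, embed and object sources, meta refresh) separately from plain links; the sample page is constructed for the demonstration.

```python
"""Flag facetime-audio: URLs a page would trigger on load, without a click."""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Scheme named by the advisory; extend this set if other schemes concern you.
CALL_SCHEMES = {"facetime-audio"}

# Elements whose URL attribute is fetched/navigated as soon as the page loads.
AUTO_LOAD_ATTRS = {"iframe": "src", "frame": "src", "embed": "src", "object": "data"}


class CallSchemeScanner(HTMLParser):
    """Collects call-scheme URLs, noting whether they fire automatically."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def _check(self, tag, attr, url, auto):
        scheme = urlsplit(url.strip()).scheme.lower()
        if scheme in CALL_SCHEMES:
            self.findings.append({"tag": tag, "attr": attr, "url": url, "auto": auto})

    def handle_starttag(self, tag, attrs):
        attrs = {k.lower(): (v or "") for k, v in attrs}
        if tag in AUTO_LOAD_ATTRS and AUTO_LOAD_ATTRS[tag] in attrs:
            attr = AUTO_LOAD_ATTRS[tag]
            self._check(tag, attr, attrs[attr], auto=True)
        elif tag == "meta" and attrs.get("http-equiv", "").lower() == "refresh":
            content = attrs.get("content", "")
            idx = content.lower().find("url=")  # "0; url=<target>" form
            if idx != -1:
                self._check(tag, "content", content[idx + 4:].strip().strip("'\""), auto=True)
        elif tag == "a" and "href" in attrs:
            self._check(tag, "href", attrs["href"], auto=False)  # needs a tap


def scan_html(html):
    """Return every call-scheme URL found, with its tag, attribute and auto flag."""
    parser = CallSchemeScanner()
    parser.feed(html)
    parser.close()
    return parser.findings


def auto_call_urls(html):
    """Only the URLs that would place a call on page load (the CVE-2013-6835 pattern)."""
    return [f["url"] for f in scan_html(html) if f["auto"]]


# Constructed sample page: one silent iframe trigger, one ordinary link, one benign link.
SAMPLE_PAGE = """<html><body>
<iframe src="facetime-audio://someone@example.com"></iframe>
<a href="facetime-audio://someone@example.com">Call support</a>
<a href="https://example.com/contact">Contact</a>
</body></html>"""
```

Running `auto_call_urls(SAMPLE_PAGE)` reports only the iframe source, which is the element a content filter or proxy would want to block or rewrite.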
Preconditions
- config: Victim must be using iOS 7 prior to 7.1
- input: Victim must browse to a malicious page in Safari
- input: Attacker must control a phone number or email address to receive the call
Reproduction
Create an HTML page containing `
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
News mentions
No linked articles in our index yet.