CVE-2015-3758

Name of the Vulnerable Software and Affected Versions iOS versions prior to 8.4.1

Description The issue exists due to insufficient input validation in the UIKit WebView component of the iOS operating system. This allows a remote attacker to initiate arbitrary FaceTime calls using a specially crafted URL, bypassing the intended user-confirmation requirement.

Recommendations For iOS versions prior to 8.4.1, update to version 8.4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to FaceTime or avoiding the use of specially crafted URLs in the affected UIKit WebView component until the issue is resolved.