PT-2017-4189 · Yandex · Yandex Browser

Published 2017-03-01 · Updated 2020-07-09 · CVE-2016-8507

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Yandex Browser for iOS versions prior to 16.10.0.2357

Description

The browser improperly restricts the processing of facetime:// URLs. Because of errors in checking URLs with the facetime:// scheme, a remote attacker can use a crafted web site to initiate a FaceTime video call without notifying the user or obtaining the user's approval, and obtain video and audio data from the device.

Recommendations

Update Yandex Browser for iOS to version 16.10.0.2357 or later to resolve the issue. As a temporary workaround, consider avoiding the use of facetime:// URLs in the affected browser until a patch is applied. Restrict access to the FaceTime functionality to minimize the risk of exploitation.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2022-03577
CVE-2016-8507

Affected Products

Yandex Browser