Yandex Browser for iOS before 16.10.0.2357 does not properly restrict processing of facetime:// URLs, which allows remote attackers to initiate facetime-call without userβs approval and obtain video and audio data from a device via a crafted web site.
[
{
"product": "Yandex Browser for iOS",
"vendor": "Yandex N.V.",
"versions": [
{
"status": "affected",
"version": "before 16.10.0.2357 for iOS"
}
]
}
]