Vulnerabilities > CVE-2013-5193 - Credentials Management vulnerability in Apple Iphone OS
Attack vector | LOCAL |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | COMPLETE |
Availability impact | NONE |
Summary
The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous entry of Apple ID credentials.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Seebug
bulletinFamily | exploit |
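description | BUGTRAQ ID: 63723 CVE(CAN) ID: CVE-2013-5193 iOS is the operating system developed by Apple for mobile devices; supported devices include iPhone, iPod touch, iPad and Apple TV. Apple iOS versions before 7.0.4 contain a local security restriction bypass vulnerability. A physically proximate attacker can exploit it to bypass certain security restrictions without a password, complete transactions and perform unauthorized actions. The vulnerability stems from App and In-App purchase permissions not being effectively authorized. 0 Apple iOS 7.0.4 Vendor patch: Apple ----- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.apple.com/support/downloads/ http://support.apple.com/kb/HT1222 |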
id | SSV:61074 |
last seen | 2017-11-19 |
modified | 2013-11-17 |
published | 2013-11-17 |
reporter | Root |
title | Apple iOS Local Security Restriction Bypass Vulnerability (CVE-2013-5193) |
The Hacker News
id | THN:D6D7C954D88C6AFE78B96CD49F860976 |
last seen | 2017-01-08 |
modified | 2013-11-16 |
published | 2013-11-16 |
reporter | Wang Wei |
source | http://thehackernews.com/2013/11/Apple-iOS-7.0.4-Store-purchase-vulnerability.html |
title | Apple iOS 7.0.4 update released to patch Apple Store purchase vulnerability |