CVE-2014-2019CVE-2014-2019

Affected configuration(s):

cpe:/o:apple:iphone_os:7.0
cpe:/o:apple:iphone_os:7.0.1
cpe:/o:apple:iphone_os:7.0.2
cpe:/o:apple:iphone_os:7.0.3
cpe:/o:apple:iphone_os:7.0.4

Date published: 2014-02-18T06:55:17.027-05:00

Date last modified: 2014-03-16T00:45:41.410-04:00

CVSS Score: 4.9

Principal attack vector: LOCAL

Complexity:  LOW

Reference URL: http://news.softpedia.com/news/Major-iOS-7-Security-Flaw-Discovered-Video-425011.shtml

Summary: The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.