Published: 18/11/2013 Updated: 20/11/2013

CVSS v2 Base Score: 4.7 | Impact Score: 6.9 | Exploitability Score: 3.4

VMScore: 418

Vector: AV:L/AC:M/Au:N/C:N/I:C/A:N

The App Store component in Apple iOS prior to 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous entry of Apple ID credentials.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple iphone os 7.0.2
apple iphone os 7.0
apple iphone os 7.0.1
apple iphone os

iOS Update Available – Version 7.0.4 is Here

Securelist • Stefan Tanase • 15 Nov 2013

This week, Apple has released a small but very important update to their popular mobile operating system – iOS 7.0.4. According to the details provided, by Apple, the update comes with several bug fixes and improvements, including a fix for an issue that causes FaceTime calls to fail in some cases. But the latest iOS update also comes with an important security fix for CVE-2013-5193, a vulnerability allowing App and In-App purchases to be completed with insufficient authorization – meanin...

CVE-2013-5193

Vulnerability Summary

Recent Articles

References

Vulmon Search

About

Products

Connect