The iCloud subsystem in Apple iOS prior to 7.1 allows physically proximate malicious users to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple iphone os |