Detections
Analytics
Apple iOS < 7.0.4 App and In-App Purchase Security Bypass
medium Nessus Plugin ID 70925
Language:
Synopsis
The version of iOS running on the mobile device is affected by a security bypass vulnerability.Description
The mobile device is running a version of iOS that is older than version 7.0.4. It is, therefore, affected by a security bypass vulnerability. A signed-in user could potentially bypass the password mechanism related to App and In-App purchases.Solution
Upgrade to Apple iOS 7.0.4 or later.See Also
http://support.apple.com/kb/HT6058
http://www.nessus.org/u?d6e8e292
https://www.securityfocus.com/archive/1/529818/30/0/threaded
Plugin Details
Severity: Medium
ID: 70925
File Name: apple_ios_704_check.nbin
Version: 1.97
Type: local
Family: Mobile Devices
Published: 11/15/2013
Updated: 4/8/2024
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.0
CVSS v2
Risk Factor: Medium
Base Score: 4.7
Temporal Score: 3.5
Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:C/A:N
CVSS Score Source: CVE-2013-5193
Vulnerability Information
CPE: cpe:/o:apple:iphone_os
Required KB Items: mdm/dependency/unlocked
Exploit Ease: No known exploits are available
Patch Publication Date: 11/14/2013
Vulnerability Publication Date: 11/14/2013
Reference Information
CVE: CVE-2013-5193
BID: 63723
APPLE-SA: APPLE-SA-2013-11-14-1