Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an empty string value to an AppleID.
References
Link | Resource |
---|---|
http://support.apple.com/kb/HT5642 | Vendor Advisory |
http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html | Vendor Advisory |
http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html |
Configurations
Configuration 1 (hide)
|
Information
Published : 2013-01-28 21:58
Updated : 2013-03-15 20:39
NVD link : CVE-2013-0963
Mitre link : CVE-2013-0963
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
apple
- iphone_os