CVE Vulnerabilities

CVE-2013-5193

Published: Nov 18, 2013 | Modified: Nov 20, 2013
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.7 MEDIUM
AV:L/AC:M/Au:N/C:N/I:C/A:N
RedHat/V2
RedHat/V3
Ubuntu

The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous entry of Apple ID credentials.

Affected Software

Name Vendor Start Version End Version
Iphone_os Apple * 7.0.3
Iphone_os Apple 7.0.1 7.0.1
Iphone_os Apple 7.0.2 7.0.2
Iphone_os Apple 7.0 7.0

References