Authentication flaw

2013-01-2905:58:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

39.8%

JSON

Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an empty string value to an AppleID.

CPENameOperatorVersion
iphone_osle6.0.2
iphone_oseq6.0
iphone_oseq6.0.1

Name	Operator	Version
iphone_os	le	6.0.2
iphone_os	eq	6.0
iphone_os	eq	6.0.1

References

lists.apple.com/archives/security-announce/2013/Jan/msg00000.html

lists.apple.com/archives/security-announce/2013/Mar/msg00002.html

support.apple.com/kb/HT5642