Vulnerability Description
Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an empty string value to an AppleID.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Iphone Os | <= 6.0.2 |
Related Weaknesses (CWE)
References
- http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.htmlVendor Advisory
- http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
- http://support.apple.com/kb/HT5642Vendor Advisory
- http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.htmlVendor Advisory
- http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
- http://support.apple.com/kb/HT5642Vendor Advisory
FAQ
What is CVE-2013-0963?
CVE-2013-0963 is a vulnerability with a CVSS score of 2.1 (LOW). Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging ...
How severe is CVE-2013-0963?
CVE-2013-0963 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-0963?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os.