Vulnerability Description
The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Iphone Os | < 7.1 |
Related Weaknesses (CWE)
References
- http://news.softpedia.com/news/Major-iOS-7-Security-Flaw-Discovered-Video-425011Third Party Advisory
- http://support.apple.com/kb/HT6162Vendor Advisory
- http://www.youtube.com/watch?v=QnPk4RRWjicExploitThird Party Advisory
- http://news.softpedia.com/news/Major-iOS-7-Security-Flaw-Discovered-Video-425011Third Party Advisory
- http://support.apple.com/kb/HT6162Vendor Advisory
- http://www.youtube.com/watch?v=QnPk4RRWjicExploitThird Party Advisory
FAQ
What is CVE-2014-2019?
CVE-2014-2019 is a vulnerability with a CVSS score of 4.6 (MEDIUM). The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account acti...
How severe is CVE-2014-2019?
CVE-2014-2019 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-2019?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os.