Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2019

Overview

Vulnerability Score 4.9 4.9
CVE Id CVE-2014-2019
Last Modified 16 Mar 2014 12:45:41
Published 18 Feb 2014 06:55:17
Confidentiality Impact NONE NONE
Integrity Impact COMPLETE COMPLETE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2014-2019

Summary

The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value.

Vulnerable Systems

Operating System

  • Apple Iphone Os 7.0

  • Apple Iphone Os 7.0.1

  • Apple Iphone Os 7.0.2

  • Apple Iphone Os 7.0.3

  • Apple Iphone Os 7.0.4


References

MISC - http://www.youtube.com/watch?v=QnPk4RRWjic

MISC - http://news.softpedia.com/news/Major-iOS-7-Security-Flaw-Discovered-Video-425011.shtml

CONFIRM - http://support.apple.com/kb/HT6162


Last Updated: 27 May 2016 11:04:28