CVE-2012-3741

Apple Iphone OS < 5.1.1 - Authentication Bypass

Title source: rule

Description

The Restrictions (aka Parental Controls) implementation in Apple iOS before 6 does not properly handle purchase attempts after a Disable Restrictions action, which allows local users to bypass an intended Apple ID authentication step via an app that performs purchase transactions.

References (3)

[Vendor Advisory] http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html

[Vendor Advisory] http://support.apple.com/kb/HT5503

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/78721

Scores

EPSS 0.0005

EPSS Percentile 15.9%

Classification

CWE

CWE-287

Status draft

Affected Products (40)

apple/iphone_os < 5.1.1

apple/iphone_os

... and 25 more

Timeline

Published Sep 20, 2012

Tracked Since Feb 18, 2026