CVE-2013-0963

iPhone OS < 6.1 - Authentication Bypass via AppleID Certificate Validation Failure

Title source: llm
STIX 2.1

Description

Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an empty string value to an AppleID.

References (3)

Core 3
Core References
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5642
Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html

Scores

EPSS 0.0021
EPSS Percentile 11.5%

Details

CWE
CWE-20
Status published
Products (3)
apple/iphone_os 6.0
apple/iphone_os 6.0.1
apple/iphone_os < 6.0.2
Published Jan 29, 2013
Tracked Since Feb 18, 2026