CVE-2013-0963
iPhone OS < 6.1 - Authentication Bypass via AppleID Certificate Validation Failure
Title source: llmDescription
Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an empty string value to an AppleID.
References (3)
Core 3
Core References
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5642
Vendor Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html
Scores
EPSS
0.0021
EPSS Percentile
11.5%
Details
CWE
CWE-20
Status
published
Products (3)
apple/iphone_os
6.0
apple/iphone_os
6.0.1
apple/iphone_os
< 6.0.2
Published
Jan 29, 2013
Tracked Since
Feb 18, 2026