Description
Apple iOS 6.1.3 does not follow redirects during determination of the hostname to display in an iOS Enterprise Deployment installation dialog, which makes it easier for remote attackers to trigger installation of arbitrary applications via a download-manifest itms-services:// URL that leverages an open redirect vulnerability within a trusted domain.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT6162
Various Sources x_refsource_misc
http://www.syscan.org/index.php/sg/program/day/2
Scores
EPSS
0.0180
EPSS Percentile
75.8%
Details
CWE
CWE-20
Status
published
Products (1)
apple/iphone_os
6.1.3
Published
Jun 05, 2013
Tracked Since
Feb 18, 2026