CVE-2013-3948

Apple Iphone OS - Improper Input Validation

Title source: rule
STIX 2.1

Description

Apple iOS 6.1.3 does not follow redirects during determination of the hostname to display in an iOS Enterprise Deployment installation dialog, which makes it easier for remote attackers to trigger installation of arbitrary applications via a download-manifest itms-services:// URL that leverages an open redirect vulnerability within a trusted domain.

References (3)

Core 3

Scores

EPSS 0.0180
EPSS Percentile 75.8%

Details

CWE
CWE-20
Status published
Products (1)
apple/iphone_os 6.1.3
Published Jun 05, 2013
Tracked Since Feb 18, 2026