CVE-2014-1360

iPhone OS < 7.1.2 - Activation Lock Bypass via Unverified Activation Server Data

Title source: llm
STIX 2.1

Description

Lockdown in Apple iOS before 7.1.2 does not properly verify data from activation servers, which makes it easier for physically proximate attackers to bypass the Activation Lock protection mechanism via unspecified vectors.

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/68276
Third Party Advisory vendor-advisory x_refsource_apple
http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html
Third Party Advisory vendor-advisory x_refsource_apple
http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1030500
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT6441

Scores

EPSS 0.0043
EPSS Percentile 35.0%

Details

CWE
CWE-20
Status published
Products (9)
apple/iphone_os 7.0
apple/iphone_os 7.0.1
apple/iphone_os 7.0.2
apple/iphone_os 7.0.3
apple/iphone_os 7.0.4
apple/iphone_os 7.0.5
apple/iphone_os 7.0.6
apple/iphone_os 7.1
apple/iphone_os < 7.1.1
Published Jul 01, 2014
Tracked Since Feb 18, 2026