CVE-2013-3948

Published: Jun 5, 2013Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Apple iOS 6.1.3 does not follow redirects during determination of the hostname to display in an iOS Enterprise Deployment installation dialog, which makes it easier for remote attackers to trigger installation of arbitrary applications via a download-manifest itms-services:// URL that leverages an open redirect vulnerability within a trusted domain.

Affected (1)

Products: Apple: Iphone Os

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Version 6.1.3

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf

Source: cve@mitre.org

Exploit

http://support.apple.com/kb/HT6162

Source: cve@mitre.org

http://www.syscan.org/index.php/sg/program/day/2

Source: cve@mitre.org

http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://support.apple.com/kb/HT6162

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.syscan.org/index.php/sg/program/day/2

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.