CVE-2013-5193

Published: Nov 18, 2013Modified: Apr 29, 2026

4.7

Vector

AV:L/AC:M/Au:N/C:N/I:C/A:N

Exploitability: 3.4 / Impact: 6.9

Source: NVD

Description

The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous entry of Apple ID credentials.

Affected (4)

Products: Apple: Iphone Os

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Up to 7.0.3
Apple Iphone Os	Version 7.0.1
Apple Iphone Os	Version 7.0.2
Apple Iphone Os	Version 7.0

Related CWEs

References (4)

http://lists.apple.com/archives/security-announce/2013/Nov/msg00000.html

Source: product-security@apple.com

Vendor Advisory

http://support.apple.com/kb/HT6058

Source: product-security@apple.com

Vendor Advisory

http://lists.apple.com/archives/security-announce/2013/Nov/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://support.apple.com/kb/HT6058

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.