Apple iOS 6.1.3 does not follow redirects during determination of the hostname to display in an iOS Enterprise Deployment installation dialog, which makes it easier for remote attackers to trigger installation of arbitrary applications via a download-manifest itms-services:// URL that leverages an open redirect vulnerability within a trusted domain.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2013-06-05T10:00:00
Updated: 2024-08-06T16:30:48.188Z
Reserved: 2013-06-05T00:00:00
Link: CVE-2013-3948
Vulnrichment
No data.
NVD
Status : Modified
Published: 2013-06-05T14:39:55.837
Modified: 2014-03-16T04:38:44.947
Link: CVE-2013-3948
Redhat
No data.