The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2014-02-18T11:00:00
Updated: 2024-08-06T09:58:16.194Z
Reserved: 2014-02-18T00:00:00
Link: CVE-2014-2019
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2014-02-18T11:55:17.027
Modified: 2019-09-27T17:29:55.823
Link: CVE-2014-2019
Redhat
No data.