CVE-2014-2019 - Vulnerability Details - OpenCVE

The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Complete

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Iphone Os

Configuration 1 [-]

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://news.softpedia.com/news/Major-iOS-7-Security-Flaw-Discovered-Video-425011.shtml
http://support.apple.com/kb/HT6162
http://www.youtube.com/watch?v=QnPk4RRWjic

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-02-18T11:00:00

Updated: 2024-08-06T09:58:16.194Z

Reserved: 2014-02-18T00:00:00

Link: CVE-2014-2019

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-02-18T11:55:17.027

Modified: 2025-04-11T00:51:21.963

Link: CVE-2014-2019

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-02-05T00:00:00", "descriptions": [{"lang": "en", "value": "The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-03-14T03:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://news.softpedia.com/news/Major-iOS-7-Security-Flaw-Discovered-Video-425011.shtml"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT6162"}, {"tags": ["x_refsource_MISC"], "url": "http://www.youtube.com/watch?v=QnPk4RRWjic"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2019", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://news.softpedia.com/news/Major-iOS-7-Security-Flaw-Discovered-Video-425011.shtml", "refsource": "MISC", "url": "http://news.softpedia.com/news/Major-iOS-7-Security-Flaw-Discovered-Video-425011.shtml"}, {"name": "http://support.apple.com/kb/HT6162", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT6162"}, {"name": "http://www.youtube.com/watch?v=QnPk4RRWjic", "refsource": "MISC", "url": "http://www.youtube.com/watch?v=QnPk4RRWjic"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:58:16.194Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://news.softpedia.com/news/Major-iOS-7-Security-Flaw-Discovered-Video-425011.shtml"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT6162"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.youtube.com/watch?v=QnPk4RRWjic"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2019", "datePublished": "2014-02-18T11:00:00", "dateReserved": "2014-02-18T00:00:00", "dateUpdated": "2024-08-06T09:58:16.194Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F586A33-057B-4BE7-B7BD-6E8D634AB3A3", "versionEndExcluding": "7.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value."}, {"lang": "es", "value": "El subsistema iCloud en Apple iOS anterior a 7.1 permite a atacantes f\u00edsicamente pr\u00f3ximos evadir un requisito de contrase\u00f1a, y apagar el servicio Find My iPhone o completar una acci\u00f3n Delete Account y luego asociar este servicio con una cuenta diferente de Apple ID, mediante la introducci\u00f3n de un valor de iCloud Account Password arbitrario y un valor iCloud Account Description en blanco."}], "id": "CVE-2014-2019", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2014-02-18T11:55:17.027", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://news.softpedia.com/news/Major-iOS-7-Security-Flaw-Discovered-Video-425011.shtml"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://support.apple.com/kb/HT6162"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://www.youtube.com/watch?v=QnPk4RRWjic"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://news.softpedia.com/news/Major-iOS-7-Security-Flaw-Discovered-Video-425011.shtml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://support.apple.com/kb/HT6162"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "http://www.youtube.com/watch?v=QnPk4RRWjic"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}