Vulnerability Name:

CCN-87767

Published:2013-10-03
Updated:2013-10-03
Summary:Apple iPhone could allow a local attacker to bypass security restrictions, caused by the failure to communicate with the Find My iPhone feature when the airplane mode is enabled. An attacker could exploit this vulnerability to gain access to sensitive information or prevent the original owner from registering a new account to the device.
CVSS v3 Severity:5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:3.6 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N)
2.9 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
Vulnerability Consequences:Bypass Security
References:Source: CCN
Type: Apple Web site
iPhone

Source: CCN
Type: OSVDB ID: 98150
Apple iPhone Find My iPhone Feature Airplane Mode Bypass

Source: CCN
Type: Reuters Web site
Exclusive: Security firm says iPhone bug can thwart device wiper

Source: XF
Type: UNKNOWN
apple-iphone-findmyiphone-sec-bypass(87767)

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/o:apple:ios:7.0.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    apple iphone os 7.0.2