CVE-2013-5193 — Apple Iphone OS vulnerability
Severity
4.7MEDIUMNVD
EPSS
0.0%
top 85.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 18
Latest updateMay 17
Description
The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous entry of Apple ID credentials.
CVSS vector
AV:L/AC:M/C:N/I:C/A:NExploitability: 3.4 | Impact: 6.9