← back
CVE-2014-2019

CVE-2014-2019

EPSS 0.5%
The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://news.softpedia.com/news/Major-iOS-7-Security-Flaw-Discovered-Video-425011.shtmlhttp://support.apple.com/kb/HT6162http://www.youtube.com/watch?v=QnPk4RRWjic