Apple iOS 7.x < 7.0.4 Purchases Authentication Bypass
PVS ID: 8058 FAMILY: Mobile Devices RISK: LOW NESSUS ID:70925
Description: Synopsis :\n\nThe remote host is running a version of iOS that is missing security updates.\n\nThe remote host is an iPhone, iPod Touch, or iPad running a version of iOS that is older than version 7.0.4, which means it may be vulnerable to a flaw wherein a password is not requested prior to making application or in-application purchases. This may allow an attacker to bypass authorization mechanisms for purchases. (CVE-2013-5193)\n\nFor your information, the observed version of iOS is %L.

Solution: Upgrade to iOS 7.0.4 or later.


Copyright Tenable Network Security Inc. 2013