icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Apple iOS 7.x < 7.0.4 Purchases Authentication Bypass

Medium

Synopsis

The remote host is missing a critical Apple iOS patch update.

Description

According to its banner, the remote Apple iOS device is missing a security update. It is, therefore, affected by a vulnerability wherein a password is not requested prior to making application or in-application purchases. This may allow an attacker to bypass authorization mechanisms for purchases. (CVE-2013-5193)

Solution

Upgrade to Apple iOS 7.0.4 or later.