Apple iOS 7.x < 7.0.4 Purchases Authentication Bypass

Low

Synopsis

The remote host is running a version of iOS that is missing security updates.

Description

The remote host is an iPhone, iPod Touch, or iPad running a version of iOS that is older than version 7.0.4, which means it may be vulnerable to a flaw wherein a password is not requested prior to making application or in-application purchases. This may allow an attacker to bypass authorization mechanisms for purchases. (CVE-2013-5193)

Solution

Upgrade to iOS 7.0.4 or later.