Vulnerability Details : CVE-2014-2019
Potential exploit
The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value.
Products affected by CVE-2014-2019
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-2019
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 16 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-2019
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.9
|
MEDIUM | AV:L/AC:L/Au:N/C:N/I:C/A:N |
3.9
|
6.9
|
NIST | |
|
4.6
|
MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
0.9
|
3.6
|
NIST |
CWE ids for CVE-2014-2019
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-2019
-
http://support.apple.com/kb/HT6162
About the security content of iOS 7.1 - Apple SupportVendor Advisory
-
http://news.softpedia.com/news/Major-iOS-7-Security-Flaw-Discovered-Video-425011.shtml
Major iOS 7 Security Flaw Discovered – VideoThird Party Advisory
-
http://www.youtube.com/watch?v=QnPk4RRWjic
YouTubeExploit;Third Party Advisory
Jump to