CVE-2013-3948

Apple iOS 6.1.3 does not follow redirects during determination of the hostname to display in an iOS Enterprise Deployment installation dialog, which makes it easier for remote attackers to trigger installation of arbitrary applications via a download-manifest itms-services:// URL that leverages an open redirect vulnerability within a trusted domain.
Configurations

Configuration 1 (hide)

cpe:2.3:o:apple:iphone_os:6.1.3:*:*:*:*:*:*:*

History

21 Nov 2024, 01:54

Type Values Removed Values Added
References () http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf - Exploit () http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf - Exploit
References () http://support.apple.com/kb/HT6162 - () http://support.apple.com/kb/HT6162 -
References () http://www.syscan.org/index.php/sg/program/day/2 - () http://www.syscan.org/index.php/sg/program/day/2 -

Information

Published : 2013-06-05 14:39

Updated : 2024-11-21 01:54


NVD link : CVE-2013-3948

Mitre link : CVE-2013-3948

CVE.ORG link : CVE-2013-3948


JSON object : View

Products Affected

apple

  • iphone_os
CWE
CWE-20

Improper Input Validation