QwikSec

Security Database

CVE

CWE

Training

CVE-2014-2019

Published: Feb 18, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://news.softpedia.com/news/Major-iOS-7-Security-Flaw-Discovered-Video-425011.shtml

x_refsource_MISC

http://support.apple.com/kb/HT6162

x_refsource_CONFIRM

http://www.youtube.com/watch?v=QnPk4RRWjic

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.