First published: Sat Nov 16 2013(Updated: )
The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous entry of Apple ID credentials.
Credit: product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple iPhone OS | <=7.0.3 | |
Apple iPhone OS | =7.0 | |
Apple iPhone OS | =7.0.1 | |
Apple iPhone OS | =7.0.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.