ID

VAR-201310-0476


CVE

CVE-2013-5164


TITLE

Vulnerabilities in the Apple iOS Phone app that allow bypassing the locked state

Trust: 0.8

sources: JVNDB: JVNDB-2013-004870

DESCRIPTION

Multiple race conditions in the Phone app in Apple iOS before 7.0.3 allow physically proximate attackers to bypass the locked state, and dial the telephone numbers in arbitrary Contacts entries, by visiting the Contacts pane. Apple iOS for iPhone is prone to a local security-bypass vulnerability. An attacker with physical access to a locked device can leverage this issue to bypass certain security restrictions and perform unauthorized actions. Apple iOS is an operating system developed by Apple for mobile devices. A race condition vulnerability exists in the Phone application in Apple iOS 7.0.2 and earlier versions. The vulnerability arises because the application displays the Contacts pane while in the locked state.

Trust: 1.98

sources: NVD: CVE-2013-5164 // JVNDB: JVNDB-2013-004870 // BID: 63278 // VULHUB: VHN-65166

AFFECTED PRODUCTS

vendor: apple, model: iphone os, scope: eq, version: 7.0

Trust: 1.6

vendor: apple, model: iphone os, scope: eq, version: 7.0.1

Trust: 1.6

vendor: apple, model: iphone os, scope: lte, version: 7.0.2

Trust: 1.0

vendor: apple, model: ios, scope: lt, version: 7.0.3 (iphone 4 or later)

Trust: 0.8

vendor: apple, model: iphone os, scope: eq, version: 7.0.2

Trust: 0.6

vendor: apple, model: iphone, scope: eq, version: 4.0

Trust: 0.3

sources: BID: 63278 // JVNDB: JVNDB-2013-004870 // CNNVD: CNNVD-201310-575 // NVD: CVE-2013-5164

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5164
value: LOW

Trust: 1.0

NVD: CVE-2013-5164
value: LOW

Trust: 0.8

CNNVD: CNNVD-201310-575
value: LOW

Trust: 0.6

VULHUB: VHN-65166
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2013-5164
severity: LOW
baseScore: 3.3
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-65166
severity: LOW
baseScore: 3.3
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65166 // JVNDB: JVNDB-2013-004870 // CNNVD: CNNVD-201310-575 // NVD: CVE-2013-5164

PROBLEMTYPE DATA

problemtype: CWE-362

Trust: 1.9

sources: VULHUB: VHN-65166 // JVNDB: JVNDB-2013-004870 // NVD: CVE-2013-5164

THREAT TYPE

local

Trust: 0.9

sources: BID: 63278 // CNNVD: CNNVD-201310-575

TYPE

race condition

Trust: 0.6

sources: CNNVD: CNNVD-201310-575

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004870

PATCH

title: APPLE-SA-2013-10-22-1, url: http://lists.apple.com/archives/security-announce/2013/Oct/msg00002.html

Trust: 0.8

title: HT6010, url: http://support.apple.com/kb/HT6010

Trust: 0.8

title: HT6010, url: http://support.apple.com/kb/HT6010?viewlocale=ja_JP

Trust: 0.8

sources: JVNDB: JVNDB-2013-004870

EXTERNAL IDS

db: NVD, id: CVE-2013-5164

Trust: 2.8

db: JVN, id: JVNVU95174988

Trust: 0.8

db: JVNDB, id: JVNDB-2013-004870

Trust: 0.8

db: CNNVD, id: CNNVD-201310-575

Trust: 0.7

db: APPLE, id: APPLE-SA-2013-10-22-1

Trust: 0.6

db: BID, id: 63278

Trust: 0.4

db: VULHUB, id: VHN-65166

Trust: 0.1

sources: VULHUB: VHN-65166 // BID: 63278 // JVNDB: JVNDB-2013-004870 // CNNVD: CNNVD-201310-575 // NVD: CVE-2013-5164

REFERENCES

url: http://lists.apple.com/archives/security-announce/2013/oct/msg00002.html

Trust: 2.0

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5164

Trust: 0.8

url: http://jvn.jp/cert/jvnvu95174988/

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5164

Trust: 0.8

url: http://www.apple.com/ios/

Trust: 0.3

url: http://www.apple.com/iphone/

Trust: 0.3

sources: VULHUB: VHN-65166 // BID: 63278 // JVNDB: JVNDB-2013-004870 // CNNVD: CNNVD-201310-575 // NVD: CVE-2013-5164

CREDITS

Dany Lisiansky

Trust: 0.3

sources: BID: 63278

SOURCES

db: VULHUB, id: VHN-65166
db: BID, id: 63278
db: JVNDB, id: JVNDB-2013-004870
db: CNNVD, id: CNNVD-201310-575
db: NVD, id: CVE-2013-5164

LAST UPDATE DATE

2025-04-11T20:17:57.857000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-65166, date: 2013-10-24T00:00:00
db: BID, id: 63278, date: 2013-10-22T00:00:00
db: JVNDB, id: JVNDB-2013-004870, date: 2013-10-31T00:00:00
db: CNNVD, id: CNNVD-201310-575, date: 2013-11-08T00:00:00
db: NVD, id: CVE-2013-5164, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: VULHUB, id: VHN-65166, date: 2013-10-24T00:00:00
db: BID, id: 63278, date: 2013-10-22T00:00:00
db: JVNDB, id: JVNDB-2013-004870, date: 2013-10-25T00:00:00
db: CNNVD, id: CNNVD-201310-575, date: 2013-10-24T00:00:00
db: NVD, id: CVE-2013-5164, date: 2013-10-24T03:48:48.940