SB2014070111 - Permissions, Privileges, and Access Controls in Apple tvOS
Published: July 1, 2014 Updated: August 10, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2014-1383)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote #AU# to read and manipulate data.
Apple TV before 6.1.2 allows remote authenticated users to bypass an intended password requirement for iTunes Store purchase transactions via unspecified vectors.
Remediation
Install update from vendor's website.