CVE-2013-0974

EUVD-2013-0985
StoreKit in Apple iOS before 6.1 does not properly handle the disabling of JavaScript within the preferences configuration of Mobile Safari, which allows remote attackers to bypass intended access restrictions and execute JavaScript code via a web site with a Smart App Banner.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.1 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
Affected Products (NVD)
VendorProductVersion
appleiphone_os
𝑥
≤ 6.0.2
appleiphone_os
6.0
appleiphone_os
6.0.1
𝑥
= Vulnerable software versions
References
http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html
http://osvdb.org/89658
http://support.apple.com/kb/HT5642
http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html
http://osvdb.org/89658
http://support.apple.com/kb/HT5642