VAR-201310-0476

Vulnerability from variot - Updated: 2025-04-11 20:17

Multiple race conditions in the Phone app in Apple iOS before 7.0.3 allow physically proximate attackers to bypass the locked state, and dial the telephone numbers in arbitrary Contacts entries, by visiting the Contacts pane. Apple iOS for iPhone is prone to a local security-bypass vulnerability. An attacker with physical access to a locked device can leverage this issue to bypass certain security restrictions and perform unauthorized actions. Apple iOS is an operating system developed by Apple for mobile devices. A race condition vulnerability exists in the Phone application in Apple's iOS 7.0.2 and earlier versions. The vulnerability arises because the Contacts pane is displayed while the application is in the locked state. The fixed release is iOS 7.0.3; the vendor advisory listed in this entry is APPLE-SA-2013-10-22-1.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201310-0476",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "model": "iphone os",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7.0.3   (iphone 4 or later )"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "63278"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004870"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-575"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5164"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:iphone_os",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004870"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dany Lisiansky",
    "sources": [
      {
        "db": "BID",
        "id": "63278"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-5164",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "CVE-2013-5164",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 1.8,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "VHN-65166",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2013-5164",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "NVD",
            "id": "CVE-2013-5164",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201310-575",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-65166",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65166"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004870"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-575"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5164"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple race conditions in the Phone app in Apple iOS before 7.0.3 allow physically proximate attackers to bypass the locked state, and dial the telephone numbers in arbitrary Contacts entries, by visiting the Contacts pane. Apple iOS for iPhone is prone to a local security-bypass vulnerability. \nAn attacker with physical access to a locked device can leverage this issue to bypass certain security restrictions and perform unauthorized actions. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. A race condition vulnerability exists in the Phone application in Apple\u0027s iOS 7.0.2 and earlier versions. The vulnerability is caused by displaying the contacts panel in the locked state of the application",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-5164"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004870"
      },
      {
        "db": "BID",
        "id": "63278"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65166"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-5164",
        "trust": 2.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95174988",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004870",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-575",
        "trust": 0.7
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2013-10-22-1",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "63278",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-65166",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65166"
      },
      {
        "db": "BID",
        "id": "63278"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004870"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-575"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5164"
      }
    ]
  },
  "id": "VAR-201310-0476",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65166"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-11T20:17:57.857000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2013-10-22-1",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00002.html"
      },
      {
        "title": "HT6010",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT6010"
      },
      {
        "title": "HT6010",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT6010?viewlocale=ja_JP"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004870"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-362",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65166"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004870"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5164"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://lists.apple.com/archives/security-announce/2013/oct/msg00002.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5164"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu95174988/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5164"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ios/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/iphone/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65166"
      },
      {
        "db": "BID",
        "id": "63278"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004870"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-575"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5164"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-65166"
      },
      {
        "db": "BID",
        "id": "63278"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004870"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-575"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5164"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-10-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-65166"
      },
      {
        "date": "2013-10-22T00:00:00",
        "db": "BID",
        "id": "63278"
      },
      {
        "date": "2013-10-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-004870"
      },
      {
        "date": "2013-10-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201310-575"
      },
      {
        "date": "2013-10-24T03:48:48.940000",
        "db": "NVD",
        "id": "CVE-2013-5164"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-10-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-65166"
      },
      {
        "date": "2013-10-22T00:00:00",
        "db": "BID",
        "id": "63278"
      },
      {
        "date": "2013-10-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-004870"
      },
      {
        "date": "2013-11-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201310-575"
      },
      {
        "date": "2025-04-11T00:51:21.963000",
        "db": "NVD",
        "id": "CVE-2013-5164"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "63278"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-575"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple iOS Vulnerabilities that prevent lock status in phone applications",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004870"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "race condition",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-575"
      }
    ],
    "trust": 0.6
  }
}



Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

