CVE-2013-0963
Description
Apple iOS versions before 6.1 incorrectly set an empty string on AppleID certificate validation failure, enabling physically proximate attackers to bypass authentication.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Identity Services in Apple iOS before 6.1 fails to properly handle validation failures of AppleID certificates. When a certificate fails validation, the system incorrectly assigns an empty string value to the AppleID instead of returning NULL or an error. This affects iPhone 3GS and later, iPod touch (4th generation) and later running versions prior to iOS 6.1.
Exploitation
An attacker with physical proximity to a device can exploit this issue by inducing a condition where the user's AppleID certificate fails to validate. If multiple devices belonging to different users enter this invalid state, the attacker can potentially trigger authentication bypass by leveraging the mistaken identity that results from the empty string assignment.
Impact
Successful exploitation leads to bypassing of authentication that relies on certificate-based AppleID verification. Applications depending on this identity determination may erroneously extend trust to an attacker, resulting in unauthorized access to user data and services.
Mitigation
Apple addressed this issue by ensuring that NULL is returned instead of an empty string when certificate validation fails. The fix is included in iOS 6.1, released on 2013-01-28. Users should update to iOS 6.1 or later via the device's Software Update mechanism.[1]
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
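The difference between the two failure values described above, as an added example that is not Apple's code and not part of the original page. The `peer_t` record, the function names and the sample accounts are hypothetical, constructed to show why two failed validations that both yield an empty string compare as the same identity while NULL cannot be mistaken for a match.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical peer record; cert_valid stands in for the certificate check. */
typedef struct { const char *apple_id; bool cert_valid; } peer_t;

/* Constructed sample data: two different users whose certificates fail. */
const peer_t alice_bad = { "alice@example.com", false };
const peer_t bob_bad   = { "bob@example.com",   false };
const peer_t alice_ok  = { "alice@example.com", true  };
const peer_t alice_ok2 = { "alice@example.com", true  };

/* Pre-6.1 behaviour as the page describes it: failure yields "". */
const char *identity_prefix(const peer_t *p) {
    return p->cert_valid ? p->apple_id : "";
}

/* Post-fix behaviour as the page describes it: failure yields NULL. */
const char *identity_fixed(const peer_t *p) {
    return p->cert_valid ? p->apple_id : NULL;
}

/* Caller that extends trust whenever two identity strings are equal. */
bool trusted_prefix(const peer_t *a, const peer_t *b) {
    return strcmp(identity_prefix(a), identity_prefix(b)) == 0;
}

/* Caller that treats a missing or empty identity as "no identity". */
bool trusted_fixed(const peer_t *a, const peer_t *b) {
    const char *ia = identity_fixed(a), *ib = identity_fixed(b);
    if (ia == NULL || ib == NULL) return false;        /* failed validation */
    if (ia[0] == '\0' || ib[0] == '\0') return false;  /* defence in depth */
    return strcmp(ia, ib) == 0;
}

int main(void) {
    printf("pre-fix,  two failed certs: %d\n", trusted_prefix(&alice_bad, &bob_bad));
    printf("post-fix, two failed certs: %d\n", trusted_fixed(&alice_bad, &bob_bad));
    printf("post-fix, two valid certs:  %d\n", trusted_fixed(&alice_ok, &alice_ok2));
    return 0;
}
```

The same review question applies to any identity lookup: a failure value that is itself a valid, comparable string can match another failure.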
Affected products
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* (range: <=6.0.2)
- cpe:2.3:o:apple:iphone_os:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:6.0.1:*:*:*:*:*:*:*
- Range: <6.1
Patches
No patches discovered yet.
References (3)
News mentions
No linked articles in our index yet.