CVE-2013-4616
Description
Apple iOS 6 and earlier generate weak Wi-Fi WPA2 PSK passphrases using UITextChecker suggestWordInLanguage, enabling remote brute-force attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Apple iOS 6 and earlier generate weak Wi-Fi WPA2 PSK passphrases using UITextChecker suggestWordInLanguage, enabling remote brute-force attacks.
Vulnerability
The WifiPasswordController generateDefaultPassword method in Preferences on Apple iOS 6 and earlier uses the UITextChecker suggestWordInLanguage method to generate WPA2 PSK passphrases for Wi-Fi hotspots. This method produces a limited set of possible passphrases, making them susceptible to brute-force attacks. Affected versions: iOS 6 and all earlier versions.
Exploitation
An attacker within wireless range of a vulnerable iOS device's Wi-Fi hotspot can perform a brute-force attack against the generated passphrase. No authentication or user interaction is required beyond the device broadcasting the network. The attacker can systematically try all possible passphrases generated by the weak algorithm.
Impact
Successful exploitation allows the attacker to gain unauthorized access to the Wi-Fi network, compromising the confidentiality and integrity of data transmitted over that network. The attacker can also potentially intercept or modify network traffic.
Mitigation
Apple addressed this issue in iOS 7, released on September 18, 2013 [1]. Users should upgrade to iOS 7 or later to receive the fix. No workaround is available for affected versions.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
43cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*+ 41 more
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*range: <=6.0
- cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.2.5:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.2.8:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.3.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.3.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.3.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.3.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.3.5:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:5.1.1:*:*:*:*:*:*:*
- Range: <=6
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- lists.apple.com/archives/security-announce/2013/Sep/msg00006.htmlnvdVendor Advisory
- secunia.com/advisories/54886nvdVendor Advisory
- lists.owasp.org/pipermail/owasp-mobile-security-project/2013-June/000640.htmlnvd
- support.apple.com/kb/HT5934nvd
- www.securitytracker.com/id/1029054nvd
- www1.cs.fau.de/filepool/projects/hotspot/hotspot.pdfnvd
- www1.cs.fau.de/hotspotnvd
News mentions
0No linked articles in our index yet.