CVE-2013-3948

Name of the Vulnerable Software and Affected Versions Apple iOS version 6.1.3

Description The issue allows remote attackers to trigger the installation of arbitrary applications via a download-manifest itms-services:// URL. This is possible because the software does not follow redirects during the determination of the hostname to display in an installation dialog, leveraging an open redirect vulnerability within a trusted domain.

Recommendations For Apple iOS version 6.1.3, consider restricting access to itms-services:// URLs until a fix is available. As a temporary workaround, avoid using the itms-services:// protocol in trusted domains to minimize the risk of exploitation.