CVE-2014-1383
Apple TV before 6.1.2 allows remote authenticated users to bypass an intended password requirement for iTunes Store purchase transactions via unspecified vectors.
Date published : 2014-07-01
http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html