The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a differen