An issue was discovered in certain Apple products. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. The issue involves cleartext client-certificate transmission in the "APNs Server" component. It allows man-in-the-middle attackers to track users via correlation with this certificate.
References
Link | Resource |
---|---|
https://support.apple.com/HT207607 | Vendor Advisory |
https://support.apple.com/HT207599 | Vendor Advisory |
http://www.securityfocus.com/bid/97175 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1038157 |
Configurations
Configuration 1 (hide)
|
Information
Published : 2017-04-01 18:59
Updated : 2017-07-11 18:29
NVD link : CVE-2017-2383
Mitre link : CVE-2017-2383
JSON object : View
CWE
Products Affected
apple
- itunes
- icloud