CVE-2017-13863 — Improper Certificate Validation in Apple Iphone OS

CWE-295 — Improper Certificate Validation3 documents3 sources

Severity

5.9MEDIUMNVD

EPSS

0.1%

top 69.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple IOS

Timeline

PublishedApr 3

Latest updateMay 14

Description

An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "APNs" component. It allows man-in-the-middle attackers to track users by leveraging the transmission of client certificates.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶NVDapple/iphone_os< 11.0

▶Appleapple/ios11

🔴Vulnerability Details

GHSA

GHSA-vc62-m272-7vg5: An issue was discovered in certain Apple products↗2022-05-14

▶

📋Vendor Advisories

Apple

CVE-2017-13863: iOS 11↗2017-09-19

▶