CVE-2017-2412Cleartext Transmission of Sensitive Info in Apple Iphone OS

CWE-319Cleartext Transmission of Sensitive Info3 documents3 sources
Severity
5.9MEDIUMNVD
EPSS
0.1%
top 68.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple Iphone OSApple IOS
Timeline
PublishedApr 2
Latest updateMay 13

Description

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "iTunes Store" component. It allows man-in-the-middle attackers to modify the client-server data stream to iTunes sandbox web services by leveraging use of cleartext HTTP.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

NVDapple/iphone_os10.2.1
Appleapple/ios10.3

🔴Vulnerability Details

1
GHSA
GHSA-j88g-qvq3-g942: An issue was discovered in certain Apple products2022-05-13

📋Vendor Advisories

1
Apple
CVE-2017-2412: iOS 10.32017-03-27