CVE-2017-7079Files or Directories Accessible to External Parties in Apple Itunes

CWE-552Files or Directories Accessible to External Parties4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.3%
top 46.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Itunes
Timeline
PublishedOct 23
Latest updateMay 13

Description

An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue involves the "Data Sync" component. It allows attackers to access iOS backups (written by iTunes) via a crafted app.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

NVDapple/itunes12.6.2

🔴Vulnerability Details

2
GHSA
GHSA-wg6f-8qgj-cpw7: An issue was discovered in certain Apple products2022-05-13
CVEList
CVE-2017-7079: An issue was discovered in certain Apple products2017-10-23

📋Vendor Advisories

1
Apple
CVE-2017-7079: iTunes 12.72017-09-12
CVE-2017-7079 — Apple Itunes vulnerability | cvebase