Apple Support iOS Application 1.1.1 Unencrypted Third Party Analytics Vulnerability

24 Oct 2017 00:00:00 | Reported by David Coomber | Type: zdt | Source: 0day.today

Related

Reporter | Title | Published | Family
Apple | About the security content of Apple Support 1.2 for iOS | 30 Aug 2017 00:00 | apple
Apple | About the security content of Apple Support 1.2 for iOS - Apple Support | 17 Oct 2017 09:10 | apple
CNVD | Apple Support Analytics Information Disclosure Vulnerability | 23 Oct 2017 00:00 | cnvd
CVE | CVE-2017-7147 | 23 Oct 2017 01:00 | cve
Cvelist | CVE-2017-7147 | 23 Oct 2017 01:00 | cvelist
EUVD | EUVD-2017-16185 | 7 Oct 2025 00:30 | euvd
NVD | CVE-2017-7147 | 23 Oct 2017 01:29 | nvd
OSV | CVE-2017-7147 | 23 Oct 2017 01:29 | osv
Prion | Code injection | 23 Oct 2017 01:29 | prion

Apple Support iOS Application - Unencrypted Third Party Analytics (CVE-2017-7147)

Overview

"Need help? Apple Support app is your personalized guide to the best options from Apple. Find answers with articles tailored to your products and questions. Call, chat or email with an expert right away, or schedule a callback when it's convenient. Get a repair at an Apple Store or a nearby Apple Authorized Service Provider. Apple Support is here to help."

(https://itunes.apple.com/us/app/apple-support/id1130498044)

Issue

The Apple Support iOS application (version 1.1.1 and below) sends potentially sensitive information such as mobile carrier, install date and time, number of app launches, device model, iOS version and screen resolution, unencrypted to a third party site (Adobe Marketing Cloud).

Impact

An attacker who can monitor network traffic could capture potentially sensitive information about the iOS device without the user's knowledge.
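
One way to audit a proxy capture for the condition described above, as an added example that is not part of the original advisory: it flags requests sent over plain HTTP whose parameters carry the device data categories listed under Issue. The parameter names, hostnames and sample requests are constructed assumptions, not the keys the app or the analytics service actually uses.

```python
from urllib.parse import urlsplit, parse_qsl

# Hypothetical parameter names, one per data category listed in the advisory;
# replace them with the keys the analytics SDK under test really sends.
SENSITIVE_KEYS = {
    "carrier": "mobile carrier",
    "install_date": "install date and time",
    "launches": "number of app launches",
    "device_model": "device model",
    "os_version": "iOS version",
    "resolution": "screen resolution",
}

def audit_request(url, body=""):
    """Return the sorted data categories one request exposes in cleartext."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "http":  # HTTPS traffic is encrypted in transit
        return []
    params = parse_qsl(parts.query, keep_blank_values=True)
    params += parse_qsl(body, keep_blank_values=True)  # form-encoded POST body
    hits = {SENSITIVE_KEYS[k.lower()] for k, _ in params
            if k.lower() in SENSITIVE_KEYS}
    return sorted(hits)

def audit_capture(requests):
    """Map each host to the categories it received over plain HTTP."""
    findings = {}
    for url, body in requests:
        leaked = audit_request(url, body)
        if leaked:
            findings.setdefault(urlsplit(url).hostname, set()).update(leaked)
    return findings

# Constructed sample capture (not real traffic from the app).
SAMPLE = [
    ("http://analytics.example.test/collect?carrier=ExampleTel&launches=12",
     "device_model=iPhone9%2C3&os_version=10.3.2&resolution=750x1334"),
    ("https://analytics.example.test/collect?carrier=ExampleTel", ""),
    ("http://cdn.example.test/logo.png?v=3", ""),
]

if __name__ == "__main__":
    for host, cats in audit_capture(SAMPLE).items():
        print(f"{host}: cleartext {', '.join(sorted(cats))}")
```
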

Timeline

June 16, 2017 - Notified Apple via [email protected]
June 16, 2017 - Apple sent an auto acknowledgment
June 16, 2017 - Apple responded stating that they are investigating
July 10, 2017 - Asked for a status update
July 10, 2017 - Apple responded stating that they are still investigating
August 21, 2017 - Asked for a status update
August 21, 2017 - Apple responded stating that they are still investigating
August 30, 2017 - Apple released version 1.2 which sends the analytics data over an encrypted connection
October 17, 2017 - Apple published a security advisory to document the issue

Solution

Upgrade to version 1.2 or later

https://support.apple.com/en-ca/HT208201
https://support.apple.com/en-us/HT201222

CVE-ID: CVE-2017-7147
