Vulnerability Description
An issue was discovered in certain Apple products. The Apple Support app before 1.2 for iOS is affected. The issue involves the "Analytics" component. It allows remote attackers to obtain sensitive analytics information by leveraging its presence in a cleartext HTTP transmission to an Adobe Marketing Cloud server operated for Apple, as demonstrated by information about the installation date and time.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Apple Support | <= 1.1.1 |
| Apple | Iphone Os | All versions |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/101533Third Party AdvisoryVDB Entry
- https://support.apple.com/HT208201Vendor Advisory
- https://www.info-sec.ca/advisories/Apple-Support.htmlThird Party Advisory
- http://www.securityfocus.com/bid/101533Third Party AdvisoryVDB Entry
- https://support.apple.com/HT208201Vendor Advisory
- https://www.info-sec.ca/advisories/Apple-Support.htmlThird Party Advisory
FAQ
What is CVE-2017-7147?
CVE-2017-7147 is a vulnerability with a CVSS score of 5.3 (MEDIUM). An issue was discovered in certain Apple products. The Apple Support app before 1.2 for iOS is affected. The issue involves the "Analytics" component. It allows remote attackers to obtain sensitive an...
How severe is CVE-2017-7147?
CVE-2017-7147 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-7147?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Apple Support, Apple Iphone Os.