An issue was discovered in certain Apple products. The Apple Support app before 1.2 for iOS is affected. The issue involves the "Analytics" component. It allows remote attackers to obtain sensitive analytics information by leveraging its presence in a cleartext HTTP transmission to an Adobe Marketing Cloud server operated for Apple, as demonstrated by information about the installation date and time.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/101533 | Third Party Advisory VDB Entry |
https://support.apple.com/HT208201 | Vendor Advisory |
https://www.info-sec.ca/advisories/Apple-Support.html | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apple
Published: 2017-10-23T01:00:00
Updated: 2017-10-25T09:57:01
Reserved: 2017-03-17T00:00:00
Link: CVE-2017-7147
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-10-23T01:29:14.080
Modified: 2019-10-03T00:03:26.223
Link: CVE-2017-7147
JSON object: View
Redhat Information
No data.
CWE