PT-2017-15405 · Apple · Music

David Coomber

·

Publicado

2017-04-07

·

Atualizado

2019-10-03

·

CVE-2017-2387

CVSS v3.1

4.8

Média

VetorAV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Apple Music (aka com.apple.android.music) version 1.x and earlier
Description The issue allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate because it does not verify X.509 certificates from SSL servers.
Recommendations For Apple Music (aka com.apple.android.music) version 1.x and earlier, update to version 2.0 or later to resolve the issue.

Correção

Improper Certificate Validation

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-295

Identificadores relacionados

CVE-2017-2387

Produtos afetados

Music