Apple · Icloud · CVE-2017-2383
**Name of the Vulnerable Software and Affected Versions**
iTunes before 12.6 on Windows
iCloud before 6.2 on Windows
**Description**
The issue involves cleartext client-certificate transmission in the "APNs Server" component, allowing man-in-the-middle attackers to track users via correlation with this certificate. This is related to the use of plaintext client certificates and their transmission to a vulnerable component.
**Recommendations**
For iTunes before 12.6 on Windows, update to version 12.6 or later to resolve the issue.
For iCloud before 6.2 on Windows, update to version 6.2 or later to resolve the issue.