PT-2017-17542 · Apple+1 · Isupport+1
David Coomber
·
Published
2017-10-23
·
Updated
2019-10-03
·
CVE-2017-7147
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Apple Support app version 1.1 and earlier
Description
The issue involves the
Analytics component and allows remote attackers to obtain sensitive analytics information. This is possible because the information is transmitted in cleartext HTTP to an Adobe Marketing Cloud server operated for Apple. The sensitive information that can be obtained includes details about the installation date and time.Recommendations
For Apple Support app version 1.1 and earlier, update to version 1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the
Analytics component until the update is applied.Fix
Cleartext Transmission of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Marketing Cloud
Isupport