PT-2019-10909 · Apple · Isupport

Yiğit Can Yilmaz

Published

2019-04-03

Updated

2019-04-05

CVE-2018-4397

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Apple Support versions prior to 2.4 for iOS.

Description: The issue involved sending analytics data using HTTP instead of HTTPS, which has been addressed by switching to HTTPS for analytics data transmission.

Recommendations: For versions prior to 2.4, update to Apple Support version 2.4 or later for iOS to resolve the issue.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2018-4397

Affected Products

Isupport

PT-2019-10909 · Apple · Isupport

CVE-2018-4397

Weakness Enumeration

Related Identifiers

Affected Products

References · 3