Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-7147

An issue was discovered in certain Apple products. The Apple Support app before 1.2 for iOS is affected. The issue involves the "Analytics" component. It allows remote attackers to obtain sensitive analytics information by leveraging its presence in a cleartext HTTP transmission to an Adobe Marketing Cloud server operated for Apple, as demonstrated by information about the installation date and time.

Published

2017-10-23T01:29:14.080

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-319

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apple	apple_support	≤ 1.1.1	Yes
Operating System	apple	iphone_os	*	No

References

http://www.securityfocus.com/bid/101533 Third Party Advisory, VDB Entry ([email protected])
https://support.apple.com/HT208201 Vendor Advisory ([email protected])
https://www.info-sec.ca/advisories/Apple-Support.html Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/101533 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/HT208201 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.info-sec.ca/advisories/Apple-Support.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)