First published: Wed Dec 06 2017(Updated: )
An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the "APNs Server" component. It allows man-in-the-middle attackers to track users by leveraging mishandling of client certificates.
Credit: FURIOUSMAC Team United States Naval Academy product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple iTunes for Windows | <12.7.2 | 12.7.2 |
Apple iCloud | <7.2 | |
Apple iTunes | <12.7.2 | |
Microsoft Windows |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
The vulnerability ID for this issue is CVE-2017-13864.
The severity of CVE-2017-13864 is medium.
iCloud before version 7.2 on Windows and iTunes before version 12.7.2 on Windows are affected by CVE-2017-13864.
A man-in-the-middle attacker can exploit CVE-2017-13864 by leveraging mishandling of client certificates to track users.
No, Microsoft Windows systems are not vulnerable to CVE-2017-13864.