CVE-2017-7147
First published: Mon Oct 23 2017(Updated: )
An issue was discovered in certain Apple products. The Apple Support app before 1.2 for iOS is affected. The issue involves the "Analytics" component. It allows remote attackers to obtain sensitive analytics information by leveraging its presence in a cleartext HTTP transmission to an Adobe Marketing Cloud server operated for Apple, as demonstrated by information about the installation date and time.
Credit: product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple Support | <=1.1.1 | |
| iPhone OS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-7147?
CVE-2017-7147 has a medium severity rating due to its potential to expose sensitive analytics information.
How do I fix CVE-2017-7147?
To fix CVE-2017-7147, update the Apple Support app to version 1.2 or later.
What is affected by CVE-2017-7147?
CVE-2017-7147 affects the Apple Support app versions before 1.2 for iOS.
Can CVE-2017-7147 be exploited remotely?
Yes, CVE-2017-7147 can be exploited remotely by attackers to gather sensitive analytics information.
Which Apple products are impacted by CVE-2017-7147?
CVE-2017-7147 impacts certain Apple products running the affected versions of the Apple Support app on iOS.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/apple
- canonical/apple support
- version/apple support/1.1.1
- canonical/iphone os