Man-in-the-Middle Vulnerability in Apple Music Application for Android
CVE-2017-2387

4.8 MEDIUM

Key Information:

Vendor
Apple
CVE Published:
7 April 2017

Summary

The Apple Music application for Android prior to version 2.0 fails to verify X.509 certificates from SSL servers. This allows man-in-the-middle attackers to impersonate legitimate servers and to intercept and manipulate sensitive information transmitted between the application and its users. The lack of proper certificate validation exposes users to potential data breaches and privacy violations. Users should update the application to the latest version to mitigate the risks associated with this vulnerability.

Affected Version(s)

Apple Music before 2.0 for Android

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
