Unauthorized Action Vulnerability in Apple Music for Android
CVE-2020-9982

5.5MEDIUM

Key Information:

Vendor
Apple
Status
Apple Music For Android
Vendor
CVE Published:
27 October 2020

Summary

A vulnerability in Apple Music for Android allows malicious applications to potentially leak a user's credentials. This issue arises from insufficient checks that fail to prevent unauthorized actions, compromising user security. The vulnerability is resolved in version 3.4.0, which implements improved security measures to ensure that user credentials remain protected.

Affected Version(s)

Apple Music for Android < 3.4

References

https://support.apple.com/en-us/HT211898
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.