Network Activity Tracking Issue in Apple Music for Android
CVE-2021-46841

5.9MEDIUM

Key Information:

Vendor: Apple
Status: Apple Music For Android
Vendor: CVE Published:; 27 February 2023

Summary

A vulnerability in Apple Music for Android allows an attacker in a privileged network position to monitor user activity due to improper data transmission. This issue has been addressed in version 3.5.0 by implementing HTTPS, enhancing data protection during network communication.

Affected Version(s)

Apple Music for Android < 3.5

References

https://support.apple.com/en-us/HT213472

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 27, 2023
Vulnerability Reserved
Sep 28, 2022