SSL/TLS Interception Vulnerability in Apple Music for Android
CVE-2022-32906

5.3MEDIUM

Key Information:

Vendor: Apple
Status: Apple Music For Android
Vendor: CVE Published:; 27 February 2023

Summary

An SSL/TLS interception vulnerability affects Apple Music for Android, enabling potential interception of network traffic by users in a privileged network position. This flaw allows attackers to compromise the security of data transmission by exploiting vulnerabilities in SSL/TLS connections. This issue has been addressed in Apple Music version 3.9.10 for Android, which enforces the use of HTTPS to ensure secure communication over the network, mitigating the risk of unauthorized data capture.

Affected Version(s)

Apple Music for Android < 3.9

References

https://support.apple.com/en-us/HT213473

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 27, 2023
Vulnerability Reserved
Jun 9, 2022