CVE-2017-13864: Infoleak

Q: What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2017-13864.

Q: What is the severity of CVE-2017-13864?

The severity of CVE-2017-13864 is medium.

Q: Which Apple products are affected by CVE-2017-13864?

iCloud before version 7.2 on Windows and iTunes before version 12.7.2 on Windows are affected by CVE-2017-13864.

Q: How can a man-in-the-middle attacker exploit CVE-2017-13864?

A man-in-the-middle attacker can exploit CVE-2017-13864 by leveraging mishandling of client certificates to track users.

Q: Are Microsoft Windows systems vulnerable to CVE-2017-13864?

No, Microsoft Windows systems are not vulnerable to CVE-2017-13864.

Published Dec 6, 2017

Updated

An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the "APNs Server" component. It allows man-in-the-middle attackers to track users by leveraging mishandling of client certificates.

Other sources

APNs Server. A privacy issue existed in the use of client certificates. This issue was addressed through a revised protocol.

Credit

FURIOUSMAC Team(United States Naval Academy)

Affected Software

4 affected componentsFixes available

Apple iTunes for Windows<12.7.2

12.7.2

Apple iCloud<7.2

Apple iTunes<12.7.2

Microsoft Windows

Event History

Dec 25, 2017

CVE Published

via MITRE·09:00 PM

Data Sourced

via MITRE·09:00 PM

Description

Parent advisories

This vulnerability appears in the following advisories.

HT208326

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2017-13864.

What is the severity of CVE-2017-13864?