CVE-2017-13864

EUVD-2017-5379
An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the "APNs Server" component. It allows man-in-the-middle attackers to track users by leveraging mishandling of client certificates.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
Affected Products (NVD)
VendorProductVersion
appleicloud
𝑥
< 7.2
appleitunes
𝑥
< 12.7.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/102192
http://www.securitytracker.com/id/1040013
https://support.apple.com/HT208326
https://support.apple.com/HT208328
http://www.securityfocus.com/bid/102192
http://www.securitytracker.com/id/1040013
https://support.apple.com/HT208326
https://support.apple.com/HT208328