cvelistv5 - cve-2017-13864

CVE-2017-13864 (GCVE-0-2017-13864)

Vulnerability from cvelistv5 – Published: 2017-12-25 21:00 – Updated: 2024-08-05 19:13

Summary

Severity ?

No CVSS data available.

CWE

Assigner

apple

References

URL

Tags

	http://www.securitytracker.com/id/1040013	vdb-entryx_refsource_SECTRACK
	https://support.apple.com/HT208326	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/102192	vdb-entryx_refsource_BID
	https://support.apple.com/HT208328	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:13:41.016Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1040013",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040013"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208326"
          },
          {
            "name": "102192",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102192"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208328"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-12-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the \"APNs Server\" component. It allows man-in-the-middle attackers to track users by leveraging mishandling of client certificates."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-26T10:57:01",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "name": "1040013",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040013"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT208326"
        },
        {
          "name": "102192",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102192"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT208328"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2017-13864",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the \"APNs Server\" component. It allows man-in-the-middle attackers to track users by leveraging mishandling of client certificates."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1040013",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040013"
            },
            {
              "name": "https://support.apple.com/HT208326",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT208326"
            },
            {
              "name": "102192",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102192"
            },
            {
              "name": "https://support.apple.com/HT208328",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT208328"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2017-13864",
    "datePublished": "2017-12-25T21:00:00",
    "dateReserved": "2017-08-30T00:00:00",
    "dateUpdated": "2024-08-05T19:13:41.016Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"7.2\", \"matchCriteriaId\": \"38F90EA2-2903-4BF7-9E5E-405CBD84A835\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"12.7.2\", \"matchCriteriaId\": \"D18B3810-D8DC-4A49-82B5-6819B9BE22AE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the \\\"APNs Server\\\" component. It allows man-in-the-middle attackers to track users by leveraging mishandling of client certificates.\"}, {\"lang\": \"es\", \"value\": \"Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de iCloud anteriores a la 7.2 en Windows y las versiones de iTunes anteriores a la 12.7.2 en Windows. El problema afecta al componente \\\"APNs Server\\\". Permite que atacantes de Man-in-the-Middle (MitM) rastreen usuarios aprovechando la gesti\\u00f3n incorrecta de certificados de cliente.\"}]",
      "id": "CVE-2017-13864",
      "lastModified": "2024-11-21T03:11:49.167",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-12-25T21:29:14.217",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/102192\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1040013\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://support.apple.com/HT208326\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT208328\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/102192\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1040013\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://support.apple.com/HT208326\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT208328\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-13864\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2017-12-25T21:29:14.217\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the \\\"APNs Server\\\" component. It allows man-in-the-middle attackers to track users by leveraging mishandling of client certificates.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de iCloud anteriores a la 7.2 en Windows y las versiones de iTunes anteriores a la 12.7.2 en Windows. El problema afecta al componente \\\"APNs Server\\\". Permite que atacantes de Man-in-the-Middle (MitM) rastreen usuarios aprovechando la gesti\u00f3n incorrecta de certificados de cliente.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.2\",\"matchCriteriaId\":\"38F90EA2-2903-4BF7-9E5E-405CBD84A835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.7.2\",\"matchCriteriaId\":\"D18B3810-D8DC-4A49-82B5-6819B9BE22AE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/102192\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040013\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.apple.com/HT208326\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT208328\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/102192\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040013\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.apple.com/HT208326\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT208328\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GHSA-QCG7-7RRG-78RF

Vulnerability from github – Published: 2022-05-14 04:03 – Updated: 2022-05-14 04:03

Details

Severity ?

5.9 (Medium)


                  
                    CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-13864"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-12-25T21:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the \"APNs Server\" component. It allows man-in-the-middle attackers to track users by leveraging mishandling of client certificates.",
  "id": "GHSA-qcg7-7rrg-78rf",
  "modified": "2022-05-14T04:03:16Z",
  "published": "2022-05-14T04:03:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13864"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208326"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208328"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102192"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040013"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2017-AVI-469

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Apple . Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Micrologiciels de AirPort Base Station versions antérieures à 7.7.9
Apple	N/A	Micrologiciels de AirPort Base Station versions antérieures à 7.6.9
Apple	N/A	iOS versions antérieures à 11.2.1
Apple	N/A	tvOS versions antérieures à 11.2.1
Apple	N/A	iCloud pour Windowsversions antérieures à 7.2

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT208258 du 12 décembre 2017	None	vendor-advisory
Bulletin de sécurité Apple HT208357 du 13 décembre 2017	None	vendor-advisory
Bulletin de sécurité Apple HT208354 du 12 décembre 2017	None	vendor-advisory
Bulletin de sécurité Apple HT208328 du 13 décembre 2017	None	vendor-advisory
Bulletin de sécurité Apple HT208359 du 13 décembre 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Micrologiciels de AirPort Base Station versions ant\u00e9rieures \u00e0 7.7.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Micrologiciels de AirPort Base Station versions ant\u00e9rieures \u00e0 7.6.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 11.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 11.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iCloud pour Windowsversions ant\u00e9rieures \u00e0 7.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-13864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13864"
    },
    {
      "name": "CVE-2017-13078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13078"
    },
    {
      "name": "CVE-2017-13870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13870"
    },
    {
      "name": "CVE-2017-7156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7156"
    },
    {
      "name": "CVE-2017-9417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9417"
    },
    {
      "name": "CVE-2017-13866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13866"
    },
    {
      "name": "CVE-2017-13903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13903"
    },
    {
      "name": "CVE-2017-7157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7157"
    },
    {
      "name": "CVE-2017-13856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13856"
    },
    {
      "name": "CVE-2017-13077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13077"
    },
    {
      "name": "CVE-2017-13080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13080"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-469",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2017-12-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple\n. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT208258 du 12 d\u00e9cembre 2017",
      "url": "https://support.apple.com/en-us/HT208258"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT208357 du 13 d\u00e9cembre 2017",
      "url": "https://support.apple.com/en-us/HT208357"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT208354 du 12 d\u00e9cembre 2017",
      "url": "https://support.apple.com/en-us/HT208354"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT208328 du 13 d\u00e9cembre 2017",
      "url": "https://support.apple.com/en-us/HT208328"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT208359 du 13 d\u00e9cembre 2017",
      "url": "https://support.apple.com/en-us/HT208359"
    }
  ]
}

CERTFR-2017-AVI-469

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Micrologiciels de AirPort Base Station versions antérieures à 7.7.9
Apple	N/A	Micrologiciels de AirPort Base Station versions antérieures à 7.6.9
Apple	N/A	iOS versions antérieures à 11.2.1
Apple	N/A	tvOS versions antérieures à 11.2.1
Apple	N/A	iCloud pour Windowsversions antérieures à 7.2

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT208258 du 12 décembre 2017	None	vendor-advisory
Bulletin de sécurité Apple HT208357 du 13 décembre 2017	None	vendor-advisory
Bulletin de sécurité Apple HT208354 du 12 décembre 2017	None	vendor-advisory
Bulletin de sécurité Apple HT208328 du 13 décembre 2017	None	vendor-advisory
Bulletin de sécurité Apple HT208359 du 13 décembre 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Micrologiciels de AirPort Base Station versions ant\u00e9rieures \u00e0 7.7.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Micrologiciels de AirPort Base Station versions ant\u00e9rieures \u00e0 7.6.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 11.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 11.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iCloud pour Windowsversions ant\u00e9rieures \u00e0 7.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-13864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13864"
    },
    {
      "name": "CVE-2017-13078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13078"
    },
    {
      "name": "CVE-2017-13870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13870"
    },
    {
      "name": "CVE-2017-7156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7156"
    },
    {
      "name": "CVE-2017-9417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9417"
    },
    {
      "name": "CVE-2017-13866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13866"
    },
    {
      "name": "CVE-2017-13903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13903"
    },
    {
      "name": "CVE-2017-7157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7157"
    },
    {
      "name": "CVE-2017-13856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13856"
    },
    {
      "name": "CVE-2017-13077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13077"
    },
    {
      "name": "CVE-2017-13080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13080"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-469",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2017-12-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple\n. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT208258 du 12 d\u00e9cembre 2017",
      "url": "https://support.apple.com/en-us/HT208258"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT208357 du 13 d\u00e9cembre 2017",
      "url": "https://support.apple.com/en-us/HT208357"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT208354 du 12 d\u00e9cembre 2017",
      "url": "https://support.apple.com/en-us/HT208354"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT208328 du 13 d\u00e9cembre 2017",
      "url": "https://support.apple.com/en-us/HT208328"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT208359 du 13 d\u00e9cembre 2017",
      "url": "https://support.apple.com/en-us/HT208359"
    }
  ]
}

VAR-201712-0262

Vulnerability from variot - Updated: 2023-12-18 11:02

An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the "APNs Server" component. It allows man-in-the-middle attackers to track users by leveraging mishandling of client certificates. Apple iCloud/iTunes are prone to a security bypass vulnerability. Attackers can exploit this issue to bypass security restrictions and perform unauthorized actions. Apple iCloud for Windows is a cloud service based on the Windows platform, which supports storage of music, photos, Apps and contacts, etc. A remote attacker could exploit this vulnerability to track users. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2017-12-13-3 iCloud for Windows 7.2

iCloud for Windows 7.2 is now available and addresses the following:

APNs Server Available for: Windows 7 and later Impact: An attacker in a privileged network position can track a user Description: A privacy issue existed in the use of client certificates. This issue was addressed through a revised protocol. CVE-2017-13864: FURIOUSMAC Team of United States Naval Academy

WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7156: an anonymous researcher CVE-2017-7157: an anonymous researcher CVE-2017-13856: Jeonghoon Shin CVE-2017-13870: an anonymous researcher CVE-2017-13866: an anonymous researcher

Installation note:

iCloud for Windows 7.2 may be obtained from: https://support.apple.com/HT204283

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAloxnUIpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEaAFBAA j1labMyPbFVE/pyYnyry4oO7ngi1PbCs0llErrZUYflZ6X2S32WE4y0wT4VPQqxQ Ew4/bzqTCtlcFEt0oeqNFicfuau6ti63+vct+yD7cTPJeA4Gk9U6uPFalmINUOfA X+8z/6L7eONrI4TKBtOMf3B67blOQdFLG3jOIuyHV7v4GWwbLLuZ6meBAhn3Q+K5 MWP79j7UKYJi2qCYOyafyO+WWU1P0h4LSooer4fDkp8jA5c17TylUhWjv4xJvrOD FGerSvQFC+fp+9ehD2UozXN+smQcYKKaHxp2ZIxU+p9KdeXtgW3cZMuU1kMY3A88 QqLLsXKHJF0+y2YMu6/0dZBNNsiATQ42RbCAot7uo1cEgei64jBsxPC2piHqsxSA wU9hjrqPMweRh64oPC8AOlR4NOAndSmUwEEosIibe/++Na8jyMwXYQh3pgilFIY7 6UfO0ZPP4f5ZWDnu0BDMwR8NFwyHn29tJbYqPVJ3/BZ8SrTHfozrJVXJzwmyeyw7 gd3UU6cTu43Z5x2/uenWYZltymptzfV/x1A7TuqpYD5IMjZDZWnBaQ2AkdWDdj3K wTjVzGtk66lo8L+n58eypJNKbgZ+KowEVMNRUh7HjcBeXod6F9u8hyBhkE4vsj63 7bIP0UwSnZ8RFUf+T4xqciQ72grjhlk+3ykt3xs6h4Q= =MPzc -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201712-0262",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "itunes",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.7.2"
      },
      {
        "model": "icloud",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apple",
        "version": "9.2.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apple",
        "version": "9.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apple",
        "version": "12.6"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apple",
        "version": "12.3"
      },
      {
        "model": "icloud",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7.2   (windows 7 or later )"
      },
      {
        "model": "itunes",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "for windows 12.7.2   (windows 7 or later )"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "12.2.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "12.7.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "12.6.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "12.4.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "12.6.1"
      },
      {
        "model": "esignal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "esignal",
        "version": "6.0.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.6.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.5.5"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.5.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.4.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.3.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.3.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.2.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1.5"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.5"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.6.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.6.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.5.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.1.8"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.5"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.8"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.7.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.7"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.6"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.5"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.72"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.2.20"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.7"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.5.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.5.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.0.163"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.7"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.6.1.7"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.6"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.5.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.5.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.5.1.42"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.5"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.4.1.10"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.4.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.4.0.80"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.3.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2.2.12"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1.1.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10"
      },
      {
        "model": "icloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.1"
      },
      {
        "model": "icloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "icloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.2"
      },
      {
        "model": "icloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.1"
      },
      {
        "model": "icloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2"
      },
      {
        "model": "icloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "model": "icloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "icloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "model": "icloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "itunes",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.7.2"
      },
      {
        "model": "icloud",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "102192"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011449"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-13864"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-591"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.2",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.7.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-13864"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FURIOUSMAC Team of United States Naval Academy",
    "sources": [
      {
        "db": "BID",
        "id": "102192"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-591"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-13864",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-13864",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-104529",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-13864",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-13864",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201712-591",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-104529",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-104529"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011449"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-13864"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-591"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the \"APNs Server\" component. It allows man-in-the-middle attackers to track users by leveraging mishandling of client certificates. Apple iCloud/iTunes are prone to a security bypass vulnerability. \nAttackers can exploit this issue to bypass security restrictions and perform unauthorized actions. Apple iCloud for Windows is a cloud service based on the Windows platform, which supports storage of music, photos, Apps and contacts, etc. A remote attacker could exploit this vulnerability to track users. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-12-13-3 iCloud for Windows 7.2\n\niCloud for Windows 7.2 is now available and addresses the following:\n\nAPNs Server\nAvailable for: Windows 7 and later\nImpact: An attacker in a privileged network position can track a user\nDescription: A privacy issue existed in the use of client\ncertificates. This issue was addressed through a revised protocol. \nCVE-2017-13864: FURIOUSMAC Team of United States Naval Academy\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2017-7156: an anonymous researcher\nCVE-2017-7157: an anonymous researcher\nCVE-2017-13856: Jeonghoon Shin\nCVE-2017-13870: an anonymous researcher\nCVE-2017-13866: an anonymous researcher\n\nInstallation note:\n\niCloud for Windows 7.2 may be obtained from:\nhttps://support.apple.com/HT204283\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAloxnUIpHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEaAFBAA\nj1labMyPbFVE/pyYnyry4oO7ngi1PbCs0llErrZUYflZ6X2S32WE4y0wT4VPQqxQ\nEw4/bzqTCtlcFEt0oeqNFicfuau6ti63+vct+yD7cTPJeA4Gk9U6uPFalmINUOfA\nX+8z/6L7eONrI4TKBtOMf3B67blOQdFLG3jOIuyHV7v4GWwbLLuZ6meBAhn3Q+K5\nMWP79j7UKYJi2qCYOyafyO+WWU1P0h4LSooer4fDkp8jA5c17TylUhWjv4xJvrOD\nFGerSvQFC+fp+9ehD2UozXN+smQcYKKaHxp2ZIxU+p9KdeXtgW3cZMuU1kMY3A88\nQqLLsXKHJF0+y2YMu6/0dZBNNsiATQ42RbCAot7uo1cEgei64jBsxPC2piHqsxSA\nwU9hjrqPMweRh64oPC8AOlR4NOAndSmUwEEosIibe/++Na8jyMwXYQh3pgilFIY7\n6UfO0ZPP4f5ZWDnu0BDMwR8NFwyHn29tJbYqPVJ3/BZ8SrTHfozrJVXJzwmyeyw7\ngd3UU6cTu43Z5x2/uenWYZltymptzfV/x1A7TuqpYD5IMjZDZWnBaQ2AkdWDdj3K\nwTjVzGtk66lo8L+n58eypJNKbgZ+KowEVMNRUh7HjcBeXod6F9u8hyBhkE4vsj63\n7bIP0UwSnZ8RFUf+T4xqciQ72grjhlk+3ykt3xs6h4Q=\n=MPzc\n-----END PGP SIGNATURE-----\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-13864"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011449"
      },
      {
        "db": "BID",
        "id": "102192"
      },
      {
        "db": "VULHUB",
        "id": "VHN-104529"
      },
      {
        "db": "PACKETSTORM",
        "id": "145448"
      },
      {
        "db": "PACKETSTORM",
        "id": "145449"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-13864",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "102192",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1040013",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU98418454",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011449",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-591",
        "trust": 0.7
      },
      {
        "db": "NSFOCUS",
        "id": "38421",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-104529",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145448",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145449",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-104529"
      },
      {
        "db": "BID",
        "id": "102192"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011449"
      },
      {
        "db": "PACKETSTORM",
        "id": "145448"
      },
      {
        "db": "PACKETSTORM",
        "id": "145449"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-13864"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-591"
      }
    ]
  },
  "id": "VAR-201712-0262",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-104529"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:02:27.662000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apple security updates",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht201222"
      },
      {
        "title": "HT208328",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht208328"
      },
      {
        "title": "HT208326",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht208326"
      },
      {
        "title": "HT208328",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht208328"
      },
      {
        "title": "HT208326",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht208326"
      },
      {
        "title": "Apple iCloud for Windows  and iTunes for Windows APNs Server Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77149"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011449"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-591"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-104529"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011449"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-13864"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/102192"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht208326"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht208328"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1040013"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13864"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13864"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu98418454/index.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/38421"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/en-in/ht208326"
      },
      {
        "trust": 0.3,
        "url": "https://www.apple.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/in/icloud/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/itunes/"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/en-in/ht208328"
      },
      {
        "trust": 0.3,
        "url": "https://lists.apple.com/archives/security-announce/2017/dec/msg00005.html"
      },
      {
        "trust": 0.3,
        "url": "https://lists.apple.com/archives/security-announce/2017/dec/msg00006.html"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13866"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13856"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13870"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7157"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7156"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht204283"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/download/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-104529"
      },
      {
        "db": "BID",
        "id": "102192"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011449"
      },
      {
        "db": "PACKETSTORM",
        "id": "145448"
      },
      {
        "db": "PACKETSTORM",
        "id": "145449"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-13864"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-591"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-104529"
      },
      {
        "db": "BID",
        "id": "102192"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011449"
      },
      {
        "db": "PACKETSTORM",
        "id": "145448"
      },
      {
        "db": "PACKETSTORM",
        "id": "145449"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-13864"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-591"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-104529"
      },
      {
        "date": "2017-12-13T00:00:00",
        "db": "BID",
        "id": "102192"
      },
      {
        "date": "2018-01-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011449"
      },
      {
        "date": "2017-12-16T02:33:33",
        "db": "PACKETSTORM",
        "id": "145448"
      },
      {
        "date": "2017-12-16T03:33:33",
        "db": "PACKETSTORM",
        "id": "145449"
      },
      {
        "date": "2017-12-25T21:29:14.217000",
        "db": "NVD",
        "id": "CVE-2017-13864"
      },
      {
        "date": "2017-12-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-591"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-104529"
      },
      {
        "date": "2017-12-19T21:01:00",
        "db": "BID",
        "id": "102192"
      },
      {
        "date": "2018-01-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011449"
      },
      {
        "date": "2017-12-28T18:10:17.707000",
        "db": "NVD",
        "id": "CVE-2017-13864"
      },
      {
        "date": "2017-12-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-591"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-591"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Windows for  Apple iCloud and  iTunes of  APNs Server component vulnerability in server components",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011449"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-591"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2017-13864

Vulnerability from fkie_nvd - Published: 2017-12-25 21:29 - Updated: 2025-04-20 01:37

Severity ?

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
product-security@apple.com	http://www.securityfocus.com/bid/102192	Third Party Advisory, VDB Entry
product-security@apple.com	http://www.securitytracker.com/id/1040013	Third Party Advisory, VDB Entry
product-security@apple.com	https://support.apple.com/HT208326	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT208328	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102192	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1040013	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT208326	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT208328	Vendor Advisory

Impacted products

Vendor	Product	Version
apple	icloud	*
apple	itunes	*
microsoft	windows	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "38F90EA2-2903-4BF7-9E5E-405CBD84A835",
              "versionEndExcluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D18B3810-D8DC-4A49-82B5-6819B9BE22AE",
              "versionEndExcluding": "12.7.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the \"APNs Server\" component. It allows man-in-the-middle attackers to track users by leveraging mishandling of client certificates."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de iCloud anteriores a la 7.2 en Windows y las versiones de iTunes anteriores a la 12.7.2 en Windows. El problema afecta al componente \"APNs Server\". Permite que atacantes de Man-in-the-Middle (MitM) rastreen usuarios aprovechando la gesti\u00f3n incorrecta de certificados de cliente."
    }
  ],
  "id": "CVE-2017-13864",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-12-25T21:29:14.217",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102192"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040013"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT208326"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT208328"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102192"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040013"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT208326"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT208328"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2017-13864

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-13864

Aliases

CVE-2017-13864

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-13864",
    "description": "An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the \"APNs Server\" component. It allows man-in-the-middle attackers to track users by leveraging mishandling of client certificates.",
    "id": "GSD-2017-13864"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-13864"
      ],
      "details": "An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the \"APNs Server\" component. It allows man-in-the-middle attackers to track users by leveraging mishandling of client certificates.",
      "id": "GSD-2017-13864",
      "modified": "2023-12-13T01:21:02.081812Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2017-13864",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the \"APNs Server\" component. It allows man-in-the-middle attackers to track users by leveraging mishandling of client certificates."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1040013",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1040013"
          },
          {
            "name": "https://support.apple.com/HT208326",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT208326"
          },
          {
            "name": "102192",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/102192"
          },
          {
            "name": "https://support.apple.com/HT208328",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT208328"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.2",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.7.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2017-13864"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the \"APNs Server\" component. It allows man-in-the-middle attackers to track users by leveraging mishandling of client certificates."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT208328",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT208328"
            },
            {
              "name": "https://support.apple.com/HT208326",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT208326"
            },
            {
              "name": "1040013",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1040013"
            },
            {
              "name": "102192",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/102192"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2017-12-28T18:10Z",
      "publishedDate": "2017-12-25T21:29Z"
    }
  }
}

CNVD-2017-37287

Vulnerability from cnvd - Published: 2017-12-19

Title

Apple iCloud for Windows和iTunes for Windows APNs Server安全绕过漏洞

Description

Apple iCloud for Windows和iTunes for Windows都是美国苹果（Apple）公司的产品。Apple iCloud for Windows是一款基于Windows平台的云服务，它支持存储音乐、照片、App和联系人等。iTunes for Windows是一套基于Windows平台的媒体播放器应用程序。APNs Server是使用在其中的一个用于消息推送的服务器组件。基于Windows平台的Apple iCloud 7.2之前的版本和iTunes 12.7.2之前的版本中的APNs Server组件中存在安全绕过漏洞。远程攻击者利用该漏洞跟踪用户。

Severity

中

Patch Name

Apple iCloud for Windows和iTunes for Windows APNs Server安全绕过漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.apple.com/en-in/HT208326

Reference

http://seclists.org/fulldisclosure/2017/Dec/53 http://www.securityfocus.com/bid/102192

Impacted products

Name
['Apple iCloud <7.2', 'Apple iTunes <12.7.2']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "102192"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-13864"
    }
  },
  "description": "Apple iCloud for Windows\u548ciTunes for Windows\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iCloud for Windows\u662f\u4e00\u6b3e\u57fa\u4e8eWindows\u5e73\u53f0\u7684\u4e91\u670d\u52a1\uff0c\u5b83\u652f\u6301\u5b58\u50a8\u97f3\u4e50\u3001\u7167\u7247\u3001App\u548c\u8054\u7cfb\u4eba\u7b49\u3002iTunes for Windows\u662f\u4e00\u5957\u57fa\u4e8eWindows\u5e73\u53f0\u7684\u5a92\u4f53\u64ad\u653e\u5668\u5e94\u7528\u7a0b\u5e8f\u3002APNs Server\u662f\u4f7f\u7528\u5728\u5176\u4e2d\u7684\u4e00\u4e2a\u7528\u4e8e\u6d88\u606f\u63a8\u9001\u7684\u670d\u52a1\u5668\u7ec4\u4ef6\u3002\r\n\r\n\u57fa\u4e8eWindows\u5e73\u53f0\u7684Apple iCloud 7.2\u4e4b\u524d\u7684\u7248\u672c\u548ciTunes 12.7.2\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684APNs Server\u7ec4\u4ef6\u4e2d\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u8ddf\u8e2a\u7528\u6237\u3002",
  "discovererName": "FURIOUSMAC Team of United States Naval Academy",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.apple.com/en-in/HT208326",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-37287",
  "openTime": "2017-12-19",
  "patchDescription": "Apple iCloud for Windows\u548ciTunes for Windows\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iCloud for Windows\u662f\u4e00\u6b3e\u57fa\u4e8eWindows\u5e73\u53f0\u7684\u4e91\u670d\u52a1\uff0c\u5b83\u652f\u6301\u5b58\u50a8\u97f3\u4e50\u3001\u7167\u7247\u3001App\u548c\u8054\u7cfb\u4eba\u7b49\u3002iTunes for Windows\u662f\u4e00\u5957\u57fa\u4e8eWindows\u5e73\u53f0\u7684\u5a92\u4f53\u64ad\u653e\u5668\u5e94\u7528\u7a0b\u5e8f\u3002APNs Server\u662f\u4f7f\u7528\u5728\u5176\u4e2d\u7684\u4e00\u4e2a\u7528\u4e8e\u6d88\u606f\u63a8\u9001\u7684\u670d\u52a1\u5668\u7ec4\u4ef6\u3002\r\n\r\n\u57fa\u4e8eWindows\u5e73\u53f0\u7684Apple iCloud 7.2\u4e4b\u524d\u7684\u7248\u672c\u548ciTunes 12.7.2\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684APNs Server\u7ec4\u4ef6\u4e2d\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u8ddf\u8e2a\u7528\u6237\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple iCloud for Windows\u548ciTunes for Windows APNs Server\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple iCloud \u003c7.2",
      "Apple iTunes \u003c12.7.2"
    ]
  },
  "referenceLink": "http://seclists.org/fulldisclosure/2017/Dec/53\r\nhttp://www.securityfocus.com/bid/102192",
  "serverity": "\u4e2d",
  "submitTime": "2017-12-18",
  "title": "Apple iCloud for Windows\u548ciTunes for Windows APNs Server\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-13864 (GCVE-0-2017-13864)

GHSA-QCG7-7RRG-78RF

CERTFR-2017-AVI-469

Solution

CERTFR-2017-AVI-469

Solution

VAR-201712-0262

FKIE_CVE-2017-13864

GSD-2017-13864

CNVD-2017-37287

Tags

Sightings

Nomenclature