
Apple Support iOS Application 1.1.1 Unencrypted Third Party Analytics

Posted Oct 24, 2017
Authored by David Coomber

Apple Support iOS application versions 1.1.1 and below send potentially sensitive information such as mobile carrier, install date and time, number of app launches, device model, iOS version and screen resolution, unencrypted to a third party site (Adobe Marketing Cloud).

tags | advisory
systems | apple, ios
advisories | CVE-2017-7147
MD5 | 228b93dcbffcf65f58e7495bb25a4bb0

Apple Support iOS Application - Unencrypted Third Party Analytics (CVE-2017-7147)

Overview

"Need help? Apple Support app is your personalized guide to the best options from Apple. Find answers with articles tailored to your products and questions. Call, chat or email with an expert right away, or schedule a callback when it's convenient. Get a repair at an Apple Store or a nearby Apple Authorized Service Provider. Apple Support is here to help."

(https://itunes.apple.com/us/app/apple-support/id1130498044)

Issue

The Apple Support iOS application (version 1.1.1 and below) sends potentially sensitive information such as mobile carrier, install date and time, number of app launches, device model, iOS version and screen resolution, unencrypted to a third party site (Adobe Marketing Cloud).

Impact

An attacker who can monitor network traffic could capture potentially sensitive information about the iOS device without the user's knowledge.
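
One way to check a proxy capture of an app's traffic for this class of issue, as an added example that is not part of the original advisory: it flags requests sent over plain HTTP to a non-first-party host that carry the device data categories listed above. The hostnames, parameter names, key-name hints and capture records are constructed for illustration; the advisory does not publish the actual request format.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Hypothetical key-name hints for the data categories listed in the advisory.
# Real analytics SDKs use their own parameter names; adapt these to the capture.
HINTS = {
    "mobile carrier": ("carrier",),
    "install date": ("installdate",),
    "launch count": ("launch",),
    "device model": ("devicemodel", "model"),
    "OS version": ("osversion",),
    "screen resolution": ("resolution",),
}

def leaked_categories(url, body="", first_party=("vendor.example",)):
    """Categories of device data readable on the wire in one third-party request."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme.lower() != "http":
        return []  # sent over TLS (or not HTTP): not readable by a passive observer
    if any(host == d or host.endswith("." + d) for d in first_party):
        return []  # first-party traffic is out of scope for this check
    found = set()
    for key, _value in parse_qsl(parts.query) + parse_qsl(body):
        norm = re.sub(r"[^a-z0-9]", "", key.lower())
        found.update(c for c, hints in HINTS.items() if any(h in norm for h in hints))
    return sorted(found)

def audit(capture):
    """Map each cleartext third-party host to the data categories it received."""
    report = {}
    for url, body in capture:
        cats = leaked_categories(url, body)
        if cats:
            report.setdefault(urlsplit(url).hostname, set()).update(cats)
    return {host: sorted(cats) for host, cats in report.items()}

# Constructed capture records (URL, form body), as exported from an intercepting proxy.
CAPTURE = [
    ("http://metrics.analytics.example/collect?carrier=ExampleTel&launches=12&resolution=750x1334", ""),
    ("http://metrics.analytics.example/collect", "install_date=2017-06-01&device_model=iPhone9%2C1&os_version=10.3.2"),
    ("https://metrics.analytics.example/collect?carrier=ExampleTel", ""),
    ("http://cdn.vendor.example/img.png?resolution=2x", ""),
]

if __name__ == "__main__":
    for host, cats in audit(CAPTURE).items():
        print(f"cleartext to {host}: {', '.join(cats)}")
```

Running the same audit against a capture from the fixed version should return an empty report for the analytics host.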

Timeline

June 16, 2017 - Notified Apple via product-security@apple.com
June 16, 2017 - Apple sent an auto acknowledgment
June 16, 2017 - Apple responded stating that they are investigating
July 10, 2017 - Asked for a status update
July 10, 2017 - Apple responded stating that they are still investigating
August 21, 2017 - Asked for a status update
August 21, 2017 - Apple responded stating that they are still investigating
August 30, 2017 - Apple released version 1.2 which sends the analytics data over an encrypted connection
October 17, 2017 - Apple published a security advisory to document the issue

Solution

Upgrade to version 1.2 or later

https://support.apple.com/en-ca/HT208201
https://support.apple.com/en-us/HT201222

CVE-ID: CVE-2017-7147
