An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "iTunes Store" component. It allows man-in-the-middle attackers to modify the client-server data stream to iTunes sandbox web services by leveraging use of cleartext HTTP.
Apple Security Advisory 2017-03-27-4 - iOS 10.3 is now available and addresses code execution, information disclosure, denial of service, and various other vulnerabilities.