Cleartext Client-Certificate Transmission Vulnerability in Apple iCloud and iTunes

Cleartext Client-Certificate Transmission Vulnerability in Apple iCloud and iTunes

CVE-2017-2383 · LOW Severity

AV:N/AC:M/AU:S/C:P/I:N/A:N

An issue was discovered in certain Apple products. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. The issue involves cleartext client-certificate transmission in the "APNs Server" component. It allows man-in-the-middle attackers to track users via correlation with this certificate.

Learn more about our Cis Benchmark Audit For Server Software.