Cleartext HTTP Vulnerability in iTunes Store Component of iOS

Cleartext HTTP Vulnerability in iTunes Store Component of iOS

CVE-2017-2412 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "iTunes Store" component. It allows man-in-the-middle attackers to modify the client-server data stream to iTunes sandbox web services by leveraging use of cleartext HTTP.

Learn more about our Cis Benchmark Audit For Apple Ios.