CVE-2017-2387

Summary

The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Affected Software

VendorProductVersion RangeStatus
n/aApple Music before 2.0 for AndroidApple Music before 2.0 for Androidaffected

Weaknesses

  • missing SSL certificate check

ADP Enrichment

CVE Program Container

Additional References

References