CVE-2017-7079

MEDIUM

Description

An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue involves the "Data Sync" component. It allows attackers to access iOS backups (written by iTunes) via a crafted app.

References

http://www.securityfocus.com/bid/100983

https://support.apple.com/HT208140

Details

Source: MITRE

Published: 2017-10-23

Updated: 2019-10-03

Type: CWE-552

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:* versions up to 12.6.2 (inclusive)

Tenable Plugins

View all (1 total)

IDNameProductFamilySeverity
103508iTunes < 12.7 Data Sync Vulnerability (Mac OS)NessusMacOS X Local Security Checks
medium