Apple Music for Android CVE-2017-2387 Certificate Validation Information Disclosure Vulnerability

Apple Music for Android is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to obtain sensitive information that may lead to further attacks.

Versions prior to Apple Music 2.0 running on Android version 4.3 and later are vulnerable.

Information

Bugtraq ID: 97390
Class: Input Validation Error
CVE: CVE-2017-2387

Remote: Yes
Local: No
Published: Apr 04 2017 12:00AM
Credit: David Coomber of Info-Sec.CA
Vulnerable: Apple Music 1.2.1
Apple Music 1.2.0
Apple Music 1.1.2
Apple Music 1.1.1
Apple Music 1.1.0
Apple Music 1.0.1
Apple Music 1.0.0
Apple Music 0.9.11
Apple Music 0.9.1

Not Vulnerable: Apple Music 2.0

References:

Apple Home Page (Apple)
About the security content of Apple Music 2.0 for Android (Apple)

Source: www.securityfocus.com

Exploit Collector

Search Exploit

Apple Music for Android CVE-2017-2387 Certificate Validation Information Disclosure Vulnerability

Information