Input validation error in tvOS - CVE-2017-7164
Published: April 3, 2018 / Updated: July 17, 2020
Vulnerability identifier: #VU31339
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-7164
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Apple Inc.
Affected software:
tvOS
tvOS
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to manipulate data.
An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. The issue involves the "App Store" component. It allows man-in-the-middle attackers to spoof password prompts.
How to mitigate CVE-2017-7164
Install update from vendor's website.