Input validation error in tvOS

#VU31339 Input validation error in tvOS

Published: 2018-04-03 | Updated: 2020-07-17

Vulnerability identifier: #VU31339

Vulnerability risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-7164

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
tvOS
Operating systems & Components / Operating system

Vendor: Apple Inc.

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. The issue involves the "App Store" component. It allows man-in-the-middle attackers to spoof password prompts.

Mitigation
Install update from vendor's website.

Vulnerable software versions

tvOS: 11.1

External links
http://support.apple.com/HT208327
http://support.apple.com/HT208334

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Input validation error in Apple tvOS