CVE-2017-7133
HIGHiPhone OS < 10.3.3 - Cleartext Transmission of Sensitive Information in MobileBackup
Title source: llmDescription
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "MobileBackup" component. It allows remote attackers to obtain sensitive cleartext information in opportunistic circumstances by leveraging read access to a backup archive that was supposed to have been encrypted.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/100892
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039385
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT208112
Scores
CVSS v3
7.5
EPSS
0.0111
EPSS Percentile
61.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-319
Status
published
Products (1)
apple/iphone_os
< 10.3.3
Published
Oct 23, 2017
Tracked Since
Feb 18, 2026