CVE-2017-7164

MEDIUM

iPhone OS < 11.2 and tvOS < 11.2 - Man-in-the-Middle Password Prompt Spoofing in App Store

Title source: llm
STIX 2.1

Description

An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. The issue involves the "App Store" component. It allows man-in-the-middle attackers to spoof password prompts.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT208327
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT208334

Scores

CVSS v3 5.9
EPSS 0.0083
EPSS Percentile 52.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-20
Status published
Products (2)
apple/iphone_os < 11.2
apple/tvos < 11.2
Published Apr 03, 2018
Tracked Since Feb 18, 2026