Skip to main content

Files or Directories Accessible to External Parties

CVE-2017-7079

Severity Medium
Score 5.5/10

Summary

An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue involves the "Data Sync" component. It allows attackers to access iOS backups (written by iTunes) via a crafted app.

  • LOW
  • LOCAL
  • NONE
  • UNCHANGED
  • REQUIRED
  • NONE
  • HIGH
  • NONE

CWE-552 - Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

References

Advisory Timeline

  • Published