Files or Directories Accessible to External Parties
CVE-2017-7079
Summary
An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue involves the "Data Sync" component. It allows attackers to access iOS backups (written by iTunes) via a crafted app.
- LOW
- LOCAL
- NONE
- UNCHANGED
- REQUIRED
- NONE
- HIGH
- NONE
CWE-552 - Files or Directories Accessible to External Parties
The product makes files or directories accessible to unauthorized actors, even though they should not be.
References
Advisory Timeline
- Published