Vulnerabilities > CVE-2017-2411 - 7PK - Security Features vulnerability in Apple Iphone OS

047910
CVSS 5.9 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
high complexity
apple
CWE-254

Summary

In iOS before 11.2, exchange rates were retrieved from HTTP rather than HTTPS. This was addressed by enabling HTTPS for exchange rates.

Vulnerable Configurations

Part Description Count
OS
Apple
169

Common Weakness Enumeration (CWE)