Medium severity4.8NVD Advisory· Published Apr 7, 2017· Updated May 13, 2026

CVE-2017-2387

Description

The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Affected products

N/A/Apple Music Before 2.0 For Androidv5
Range: Apple Music before 2.0 for Android
Apple Inc./Apple Music
cpe:2.3:a:apple:apple_music:1.2.1:*:*:*:*:android:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.info-sec.ca/advisories/Apple-Music.htmlnvdThird Party Advisory
www.securityfocus.com/bid/97390nvdThird Party AdvisoryVDB Entry
support.apple.com/HT207605nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.312
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000