Apple Music
by Apple Inc.
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-2387 | Med | 0.31 | 4.8 | 0.00 | Apr 7, 2017 | The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||
| CVE-2024-54540 | 0.00 | — | 0.00 | Jan 15, 2025 | The issue was addressed with improved input sanitization. This issue is fixed in Apple Music 1.5.0.152 for Windows. Processing maliciously crafted web content may disclose internal states of the app. | |||
| CVE-2023-28203 | 0.00 | — | 0.00 | Jul 28, 2023 | The issue was addressed with improved checks. This issue is fixed in Apple Music 4.2.0 for Android. An app may be able to access contacts. | |||
| CVE-2023-32427 | 0.00 | — | 0.00 | Jul 28, 2023 | This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 4.2.0 for Android. An attacker in a privileged network position may be able to intercept network traffic. | |||
| CVE-2022-32906 | 0.00 | — | 0.00 | Feb 27, 2023 | This issue was addressed with using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.9.10 for Android. A user in a privileged network position may intercept SSL/TLS connections. | |||
| CVE-2021-46841 | 0.00 | — | 0.00 | Feb 27, 2023 | This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.5.0 for Android. An attacker in a privileged network position can track a user's activity. | |||
| CVE-2022-32846 | 0.00 | — | 0.01 | Feb 27, 2023 | A logic issue was addressed with improved state management. This issue is fixed in Apple Music 3.9.10 for Android. An app may be able to access user-sensitive data. | |||
| CVE-2022-32836 | 0.00 | — | 0.01 | Feb 27, 2023 | This issue was addressed with improved state management. This issue is fixed in Apple Music 3.9.10 for Android. An app may be able to access user-sensitive data. | |||
| CVE-2020-9982 | 0.00 | — | 0.01 | Oct 27, 2020 | This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Apple Music 3.4.0 for Android. A malicious application may be able to leak a user's credentials. |
- risk 0.31cvss 4.8epss 0.00
The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
- CVE-2024-54540Jan 15, 2025risk 0.00cvss —epss 0.00
The issue was addressed with improved input sanitization. This issue is fixed in Apple Music 1.5.0.152 for Windows. Processing maliciously crafted web content may disclose internal states of the app.
- CVE-2023-28203Jul 28, 2023risk 0.00cvss —epss 0.00
The issue was addressed with improved checks. This issue is fixed in Apple Music 4.2.0 for Android. An app may be able to access contacts.
- CVE-2023-32427Jul 28, 2023risk 0.00cvss —epss 0.00
This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 4.2.0 for Android. An attacker in a privileged network position may be able to intercept network traffic.
- CVE-2022-32906Feb 27, 2023risk 0.00cvss —epss 0.00
This issue was addressed with using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.9.10 for Android. A user in a privileged network position may intercept SSL/TLS connections.
- CVE-2021-46841Feb 27, 2023risk 0.00cvss —epss 0.00
This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.5.0 for Android. An attacker in a privileged network position can track a user's activity.
- CVE-2022-32846Feb 27, 2023risk 0.00cvss —epss 0.01
A logic issue was addressed with improved state management. This issue is fixed in Apple Music 3.9.10 for Android. An app may be able to access user-sensitive data.
- CVE-2022-32836Feb 27, 2023risk 0.00cvss —epss 0.01
This issue was addressed with improved state management. This issue is fixed in Apple Music 3.9.10 for Android. An app may be able to access user-sensitive data.
- CVE-2020-9982Oct 27, 2020risk 0.00cvss —epss 0.01
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Apple Music 3.4.0 for Android. A malicious application may be able to leak a user's credentials.