Apple iTunes Movie Trailers iOS Application - Insecure Transport
Overview
"iTunes Movie Trailers puts the newest HD movie previews in your hands. Browse trailers, clips, and featurettes for the biggest Hollywood blockbusters and independent cinema, view stunning HD photos, explore a year-long calendar of movie releases, find showtimes near you, and get ticket info directly from your iPad or iPhone." (https://apps.apple.com/us/app/itunes-movie-trailers/id471966214)
Issue
The Apple iTunes Movie Trailers iOS application (version 1.4.4 and below) sends traffic unencrypted via HTTP.
Impact
An attacker who can sniff network traffic could capture sensitive information without the user's knowledge.
Timeline
December 15, 2021 - Notified Apple via product-security@apple.com
December 15, 2021 - Apple sent an auto acknowledgment
April 1, 2022 - Apple confirmed the vulnerability
August 31, 2023 - Apple released version 2.0, which retires the app
Solution
Upgrade to version 2.0 or remove the app, as it is no longer in use.
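For reviewers checking other iOS apps for the same class of issue, the following added example (not part of the original advisory and not Apple's code) audits an app's Info.plist for App Transport Security settings that permit cleartext HTTP. The sample plist, its bundle identifier and its domains are constructed for illustration; the advisory does not state how this app was configured.

```python
import plistlib

# Constructed sample Info.plist (not taken from the app in this advisory).
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleIdentifier</key><string>com.example.trailers</string>
  <key>NSAppTransportSecurity</key><dict>
    <key>NSAllowsArbitraryLoadsForMedia</key><true/>
    <key>NSExceptionDomains</key><dict>
      <key>media.example.com</key><dict>
        <key>NSExceptionAllowsInsecureHTTPLoads</key><true/>
        <key>NSIncludesSubdomains</key><true/>
      </dict>
      <key>api.example.com</key><dict>
        <key>NSExceptionMinimumTLSVersion</key><string>TLSv1.2</string>
      </dict>
    </dict>
  </dict>
</dict></plist>"""

# ATS keys that relax the HTTPS requirement for the whole app.
GLOBAL_KEYS = ("NSAllowsArbitraryLoads", "NSAllowsArbitraryLoadsForMedia",
               "NSAllowsArbitraryLoadsInWebContent")

def audit_ats(plist_bytes):
    """Return a list of findings for ATS settings that permit cleartext HTTP."""
    info = plistlib.loads(plist_bytes)
    ats = info.get("NSAppTransportSecurity")
    if not isinstance(ats, dict):
        return []  # no exceptions declared: ATS defaults apply
    findings = [f"global: {k} is enabled" for k in GLOBAL_KEYS if ats.get(k) is True]
    domains = ats.get("NSExceptionDomains") or {}
    for domain, cfg in sorted(domains.items()):
        # Only the explicit insecure-HTTP exception is reported per domain.
        if isinstance(cfg, dict) and cfg.get("NSExceptionAllowsInsecureHTTPLoads") is True:
            scope = " and subdomains" if cfg.get("NSIncludesSubdomains") is True else ""
            findings.append(f"domain: {domain}{scope} may be loaded over HTTP")
    return findings

if __name__ == "__main__":
    for finding in audit_ats(SAMPLE_PLIST):
        print(finding)
```

A clean result does not prove the absence of cleartext traffic, because ATS covers the URL Loading System only; confirm with a traffic capture of the running app.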