Home » 2009 » September » 14

iPod/iPhone standard e-mail application does not validate SSL certificates
and is vulnerable to a MITM (man in the middle attack).

Vulnerable: All versions.

Discovered by: William Borskey wborskey@gmail.com


The mail application that ships with the iPod/iPhone does not validate SSL
certificates. A malicious user can use software such as ettercap-ng to sniff
email passwords without the application warning the victim that the
certificate may be invalid.


This flaw can be exploited with ettercap-ng.
Views: 694 | Added by: apeh1706 | Date: 2009-09-14 | Comments (0)